Cisco
200-201 · Question #322
200-201 Question #322: Real Exam Question with Answer & Explanation
The correct answer is A: full packet. To thoroughly analyze both the payload and header information of network communications, an engineer must capture full packets.
Submitted by noor.lb · Mar 6, 2026 · Network Intrusion Analysis
Question
Which type of data must an engineer capture to analyze payload and header information?
Options
- A. full packet
- B. frame check sequence
- C. alert data
- D. session logs
Explanation
To thoroughly analyze both the payload and header information of network communications, an engineer must capture full packets.
Common mistakes.
- B. The frame check sequence (FCS) is used for error detection at the end of an Ethernet frame and does not contain payload or header information for analysis.
- C. Alert data refers to security notifications and logs generated by systems, not the raw network traffic containing full headers and payloads.
- D. Session logs record metadata about network sessions but typically do not contain the full payload or detailed header information of every packet within a session.
Concept tested. Packet capture components (full packet)
Reference. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-overview
Topics
#Packet capture #Network analysis #Payload analysis #Header analysis