nerdexam
Exams200-201Questions#466
CiscoCisco

200-201 · Question #466

200-201 Question #466: Real Exam Question with Answer & Explanation

The correct answer is D: Frames No. 4371 and 4382. To determine which frames contain a file that is extractable from Wireshark, we need to focus on frames that contain file transfer protocols (like HTTP or FTP) and look for GET requests or other file download indications. Looking at the data in the screenshot: Frame No. 4371 show

Submitted by tyler.j· Mar 6, 2026Network Intrusion Analysis

Question

Refer to the exhibit. Which frame numbers contain a file that is extractable from Wireshark PCAP?

Options

  • AFrame No. 4382
  • BFrames No. 4381 and 4382
  • CFrame No. 4371
  • DFrames No. 4371 and 4382

Explanation

To determine which frames contain a file that is extractable from Wireshark, we need to focus on frames that contain file transfer protocols (like HTTP or FTP) and look for GET requests or other file download indications. Looking at the data in the screenshot: Frame No. 4371 shows an HTTP request (GET /player/pl/The.Resident.txt) on port 80. This suggests that a file named The.Resident.txt was requested via HTTP, which is a file that could potentially be extracted. Frame 4382 contains the HTTP 200 OK response, which indicates that the file transfer is complete and the file can be extracted from this packet. Wireshark allows extraction of such files through its "Follow TCP Stream" feature or directly from the packets that contain the file data.

Topics

#Wireshark#PCAP Analysis#File Extraction#Network Forensics

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 200-201 PracticeBrowse All 200-201 Questions