nerdexam
Exams210-255Questions#22
Cisco

210-255 · Question #22

210-255 Question #22: Real Exam Question with Answer & Explanation

The correct answer is D: SSL. The PCAP file contains SSL traffic, identifiable by the characteristic TLS/SSL handshake messages visible in the packet capture.

Question

Refer to the exhibit. Which application protocol is in this PCAP file?

Exhibit

210-255 question #22 exhibit

Options

  • ATCP
  • BSSH
  • CHTTP
  • DSSL

Explanation

The PCAP file contains SSL traffic, identifiable by the characteristic TLS/SSL handshake messages visible in the packet capture.

Common mistakes.

  • A. TCP is a transport layer protocol, not an application protocol - it is the underlying carrier of the SSL session, not the application-level protocol being analyzed.
  • B. SSH is a separate application protocol used for secure remote shell access over port 22 and has a fundamentally different packet structure than SSL/TLS.
  • C. HTTP is an unencrypted application protocol operating on port 80 and lacks the handshake and encrypted record structure visible in this PCAP.

Concept tested. Identifying SSL/TLS application traffic in packet captures

Reference. https://wiki.wireshark.org/TLS

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 210-255 Practice