单项选择题
You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data.
What should you do? ()
A. Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B. Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C. Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
相关考题
-
单项选择题
Your company has a server named DC1 that runs Windows Server 2008 R2. Server1 has the DHCP Server server role installed.You find that a desktop computer named Computer1 is unable to obtain an IP configuration from the DHCP server.You install the Microsoft Network Monitor 3.0 application on Server1. You enable P-mode in the Network Monitor application configuration. You plan to capture only the DHCP server-related traffic between Server1 and Computer1.The network interface configuration for the two computers is shown in the following table. Server1 Computer1 IP address 192.168.2.1 169.254.15.84 MAC address 00-0A-5E-1C-7F-67 00-17-31-D5-5E-FF You need to build a filter in the Network Monitor application to capture the DHCP traffic between Server1 and Computer1. Which filter should you use?()
A. IPv4.Address == 169.254.15.84 && DHCP
B. IPv4.Address == 192.168.2.1 && DHCP
C. Ethernet.Address == 0x000A5E1C7F67 && DHCP
D. Ethernet.Address == 0x001731D55EFF && DHCP -
多项选择题
Your company has a main office and a branch office. The branch office has three servers that run a Server Core installation of Windows Server 2008 R2. The servers are named Server1, Server2, and Server3. You want to configure the Event Logs subscription on Server1 to collect events from Server2 and Server3. You discover that you cannot create a subscription on Server1 from another computer. You need to configure a subscription on Server1. Which two actions should you perform?()
A. Run the wecutil cs subscription.xml command on Server1.
B. Run the wevtutil im subscription.xml command on Server1.
C. Create an event collector subscription configuration file. Name the file subscription.xml.
D. Create a custom view on Server1 by using Event Viewer. Export the custom view to a file named subscription . xml. -
多项选择题
Your company has a network that has an Active Directory domain. The domain has two servers named DC1 and DC2. You plan to collect events from DC2 and transfer them to DC1. You configure the required subscriptions by selecting the Normal option for the Event delivery optimization setting and by using the HTTP protocol. You discover that none of the subscriptions work. You need to ensure that the servers support the event collectors. Which three actions should you perform?()
A. Run the wecutil qc command on DC1.
B. Run the wecutil qc command on DC2.
C. Run the winrm quickconfig command on DC1.
D. Run the winrm quickconfig command on DC2.
E. Add the DC2 account to the Administrators group on DC1.
F. Add the DC1 account to the Administrators group on DC2.
