. Question 1

What is port mirroring primarily used for?

• ❌ Restricting unauthorized access

• ❌ Encrypting data packets

• ❌ Enhancing network speed

• ✅ Monitoring and analyzing network traffic for errors and security issues

Explanation:
Port mirroring copies traffic from one port to another so admins can inspect and analyze it.

---

2. Question 2

Which tool puts a NIC in promiscuous mode?

• ❌ Router

• ✅ Wireshark

• ❌ Firewall

• ❌ VPN

Explanation:
Wireshark enables a NIC to capture all packets on the network segment.

---

3. Question 3

Why is UDP used for streaming?

• ❌ TCP is too slow because of three-way handshake

• ✅ UDP allows for faster transmission of data

• ❌ UDP is more reliable

• ❌ UDP ensures ordered delivery

Explanation:
UDP has no acknowledgment or retransmission overhead → ideal for real-time streaming.

---

4. Question 4

Primary function of Syslog?

• ❌ Control network traffic

• ✅ Separate message generation, storage, and analysis systems

• ❌ Manage databases

• ❌ Optimize performance

Explanation:
Syslog standardizes logging by separating message creation, storage, and reporting.

---

5. Question 5

Primary function of DNS?

• ❌ Filtering traffic

• ✅ Translating domain names to IP addresses

• ❌ Assigning IPs

• ❌ Managing security

Explanation:
DNS converts readable names (google.com) into IP addresses.

---

6. Question 6

Role of IDS with port mirroring?

• ❌ Acts as a firewall

• ✅ Analyzes mirrored traffic for anomalies and alerts

• ❌ Encrypts traffic

• ❌ Compresses data

Explanation:
IDS examines mirrored data to detect intrusions or suspicious behavior.

---

7. Question 7

Primary difference between TCP and UDP?

• ❌ TCP does not require a connection

• ✅ UDP sends data packets without establishing a connection

• ❌ UDP ensures ordered delivery

• ❌ TCP sends data without confirming delivery

Explanation:
UDP = connectionless, fast.
TCP = connection-oriented, reliable.

---

🧾 Summary Table

---