Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 233
An engineer must investigate suspicious connections. Data has been gathered using a tcpdump command on a Linux device and saved as the file sandboxmalware2022-12-22.pcaps. The engineer is trying to open the tcpdump capture in the Wireshark tool. What is the expected result?
Answer options
- A. The file is opened.
- B. The tool does not support Linux.
- C. The file does not support the “-” character.
- D. The file has an incorrect extension.
Correct answer: A
Explanation
The correct answer is A because Wireshark supports opening files created by tcpdump, including those with the .pcap extension. The other options are incorrect: Wireshark is compatible with Linux, it can handle files with the “-” character, and the extension .pcaps is valid for Wireshark.