In NSM data types, which two statements describe full packet capture and extracted content? (Choose two.)

The two statements that correctly describe full packet capture and extracted content are:

• Full packet capture records all the network traffic at some particular locations in the network. Full packet capture involves recording every bit of information that passes through a network at a certain point, which allows for a very detailed examination of the traffic, including headers, payloads, and trailers of packets.
• Most often, extracted content takes the form of files such as images retrieved by a web browser or attachments to email messages. Extracted content refers to data that has been extracted from the full packet capture, such as specific files or pieces of information. For instance, this could include files downloaded from the internet, email attachments, or other data transmitted over the network.

The analogy of a SOC analyst examining extracted content to a detective reviewing a wiretap is somewhat fitting; however, a wiretap typically involves listening to and recording live voice communications, which is more akin to real-time packet capture or interception. Extracted content is more like evidence that has been collected and is being reviewed after the fact.