
Exam CFR-310 topic 1 question 19 discussion

Actual exam question from CertNexus's CFR-310
Question #: 19
Topic #: 1

An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?

  • A. Hex editor
  • B. tcpdump
  • C. Wireshark
  • D. Snort
Suggested Answer: C

Comments

044f354
3 months ago
Selected Answer: C
C. Wireshark

Explanation: Wireshark is a powerful network protocol analyzer that allows the incident responder to capture and examine network traffic in detail. It is widely used for analyzing malicious traffic, identifying attack patterns, and understanding the nature of suspicious network activity.

Why the other answers are less suitable:
  • A. Hex editor: A hex editor is used to view and edit raw data files, but it is not designed for analyzing network traffic.
  • B. tcpdump: While tcpdump is a great command-line tool for capturing network traffic, Wireshark provides a more user-friendly interface with advanced filtering and analysis features, making it more suitable for detailed analysis.
  • D. Snort: Snort is an intrusion detection/prevention system (IDS/IPS) that monitors traffic in real-time and alerts on suspicious activity, but it is not primarily used for deep traffic analysis like Wireshark.
upvoted 1 times
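To make concrete what a packet analyzer such as Wireshark or tcpdump does when it "captures and examines traffic in detail", here is an added example (not from the page or the commenters above) that builds a constructed three-packet capture in the standard libpcap file format, parses it back down to IPv4/TCP/UDP fields, and applies the equivalent of a `tcp.port == 80` display filter and a "flag traffic to unusual destination ports" check. The frames, addresses and the port list in `suspicious_ports` are constructed sample values; the field names in the returned dicts are this example's own choice.

```python
"""Minimal libpcap reader with a Wireshark/tcpdump-style port filter (added example)."""
import struct
import socket

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic pcap, microsecond timestamps, little-endian writer
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic as read from a big-endian writer
LINKTYPE_ETHERNET = 1
ETH_TYPE_IPV4 = 0x0800
IP_PROTO_TCP = 6
IP_PROTO_UDP = 17


def tcp_header(sport, dport):
    # ports, seq, ack, data offset (5 words) + reserved, flags (PSH|ACK), window, csum, urg
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)


def udp_header(sport, dport, payload_len):
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def build_ipv4_frame(src_ip, dst_ip, proto, l4_header, payload=b""):
    """Ethernet + IPv4 + L4 frame. Checksums are zero: this is a constructed
    sample meant only to be parsed, never transmitted."""
    l4 = l4_header + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETH_TYPE_IPV4)
    return eth + ip + l4


def build_pcap(frames):
    """Wrap frames in a pcap file: 24-byte global header, 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def decode_frame(frame):
    """Pull out the fields an analyst filters on: addresses, protocol, ports, payload."""
    pkt = {"len": len(frame)}
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_IPV4:
        return pkt                      # non-IPv4 or truncated: keep only the length
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4            # IHL is in 32-bit words
    proto = ip[9]
    pkt.update(src=socket.inet_ntoa(ip[12:16]), dst=socket.inet_ntoa(ip[16:20]), proto=proto)
    l4 = ip[ihl:]
    if proto == IP_PROTO_TCP and len(l4) >= 20:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]   # data offset is in 32-bit words
    elif proto == IP_PROTO_UDP and len(l4) >= 8:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[8:]
    return pkt


def parse_pcap(data):
    """Return one dict per packet record in a classic pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        pkt = decode_frame(data[offset:offset + incl_len])
        pkt["ts"] = ts_sec + ts_usec / 1e6
        packets.append(pkt)
        offset += incl_len
    return packets


def filter_port(packets, port, proto=None):
    """Equivalent of the display filter `tcp.port == N` (or tcpdump `port N`)."""
    return [p for p in packets if port in (p.get("sport"), p.get("dport"))
            and (proto is None or p.get("proto") == proto)]


def suspicious_ports(data, ports=(4444,)):
    """(src, dst, dport) for packets headed to ports the analyst considers unusual."""
    return [(p["src"], p["dst"], p["dport"]) for p in parse_pcap(data) if p.get("dport") in ports]


# Constructed sample capture: an HTTP request, a connection to an unusual port, a DNS query.
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame("10.0.0.5", "203.0.113.9", IP_PROTO_TCP, tcp_header(49152, 80), b"GET / HTTP/1.1\r\n"),
    build_ipv4_frame("10.0.0.5", "203.0.113.9", IP_PROTO_TCP, tcp_header(49153, 4444), b"beacon"),
    build_ipv4_frame("10.0.0.5", "10.0.0.1", IP_PROTO_UDP, udp_header(51000, 53, 5), b"query"),
])

if __name__ == "__main__":
    for p in parse_pcap(SAMPLE_PCAP):
        print(p)
    print("unusual destination ports:", suspicious_ports(SAMPLE_PCAP))
```

The point of the exercise is the layering: a hex editor would show you only the raw bytes of `SAMPLE_PCAP`, tcpdump or Wireshark decode them into the fields `decode_frame` produces, and a filter like `filter_port` is what turns a capture into an answer about a specific conversation.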
Wutan
1 year, 3 months ago
Selected Answer: C
The answer is C. Wireshark. Wireshark is a network packet analyzer that can be used to capture and analyze network traffic.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other