Ann, a security analyst, is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious callback domain. Which of the following tools would aid her in deciphering the network traffic?
Network traffic... netstat? No no, my dear... netstat will give you the IPs, ports and state of the connections but won't help you decipher network traffic... Wireshark (protocol analyzer).
Tricky question... again...
I believe the answer is C under the question context.
It mentions "multiple connections". How can we "decipher the network traffic" to discover what those "multiple connections" are?
NETSTAT is probably the right answer. This seems like one of those typical CompTIA questions whose aim is to confuse; however, the key to the answer is this: "and noticed multiple connections from an internal host" while she was monitoring. So the main question is to get information about a host and not the IDS she was monitoring. In order to get that information, NETSTAT seems like the best option, since she will have to run it on the particular host.
Answer the question, not the previous sentence. They provide information that she noticed multiple connections, and then they ASK how to decipher network traffic.
With the IDS she was already able to confirm multiple connections. You will run netstat on the source node but cannot decipher network traffic. It has to be a protocol analyzer.
Answer is D. The question specifically asks for the examination of network traffic, not connections. If we run netstat we will get information about open connections, but will get no information on the traffic or its contents.
Connections = netstat
Traffic = packet analyser
Don't let the "decipher the network traffic" get you. A callback domain is not a full URL, but a domain name, IP address or hostname: localhost. Hence, Ann needs the netstat command to figure things out first. The fact that it is a suspicious callback does not necessarily mean that it is malicious. It might just be an external site processing a payment.
C. NETSTAT. Does she need to analyze the CONTENTS (packets) of the network traffic or the incoming and outgoing connections and routing? The question doesn't indicate that she wants to see the contents of the traffic, so she doesn't need a packet analyzer.
Exactly. I do this sort of thing for my job daily, and you can get no traffic information with netstat in comparison to tcpdump viewing every packet on the wire.
Netstat analyses network connections, and a packet analyser analyses network traffic. As Ann wants to decipher network traffic, D is the correct answer.
D. The keyword is decipher. The normal meaning of decipher is decrypt. Maybe "analyze" was the intent of the question. But cipher implies encrypted. Synonyms for decipher:
decode, decrypt, decipher (verb): convert code into ordinary language. Synonyms: decrypt, decode, trace.
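As an added illustration of the distinction several commenters draw above (netstat shows connections; a protocol analyzer shows traffic contents), and not code from the original thread: the block below parses constructed netstat-style output and a constructed captured HTTP payload side by side. The internal host, the callback IP and domain, and the payload are all invented sample values.

```python
"""Connection-level triage (netstat view) versus packet-content view (analyzer)."""
import re
from typing import Dict, List, Optional, Set

# Constructed sample of `netstat -an`-style output from the internal host (not real data).
NETSTAT_OUTPUT = """\
Proto  Local Address          Foreign Address        State
tcp    10.0.0.25:52311        203.0.113.7:443        ESTABLISHED
tcp    10.0.0.25:52312        203.0.113.7:443        ESTABLISHED
tcp    10.0.0.25:445          10.0.0.3:51021         ESTABLISHED
tcp    0.0.0.0:22             0.0.0.0:*              LISTEN
"""

# Assumption: the suspicious callback domain resolved to this constructed IP.
SUSPICIOUS_IPS: Set[str] = {"203.0.113.7"}

NETSTAT_LINE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?")


def connections_to(netstat_text: str, suspicious_ips: Set[str]) -> List[Dict[str, str]]:
    """Return the connections whose foreign address is in the suspicious set.

    This is everything netstat can answer: local/remote address, port and state.
    It carries no payload, so it cannot say what was sent over those connections.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue  # header line or unparsable row
        proto, laddr, lport, faddr, fport, state = m.groups()
        if faddr in suspicious_ips:
            hits.append({"proto": proto, "local": f"{laddr}:{lport}",
                         "remote": f"{faddr}:{fport}", "state": state or ""})
    return hits


# Constructed plaintext HTTP payload, as a protocol analyzer would display it (not real).
CAPTURED_PAYLOAD = (b"GET /beacon?id=host25 HTTP/1.1\r\n"
                    b"Host: callback.example.net\r\n"
                    b"User-Agent: Mozilla/5.0\r\n\r\n")


def http_host(payload: bytes) -> Optional[str]:
    """Extract the HTTP Host header from captured packet contents.

    Only the packet payload (what Wireshark/tcpdump show) reveals the domain and
    request; netstat never sees it. For TLS the analyzer would show the server
    name in the handshake instead of the HTTP headers.
    """
    for raw in payload.split(b"\r\n"):
        if raw.lower().startswith(b"host:"):
            return raw.split(b":", 1)[1].strip().decode("ascii", "replace")
    return None
```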
SY0-501 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other