Exam CS0-002 topic 1 question 236 discussion

Actual exam question from CompTIA's CS0-002
Question #: 236
Topic #: 1

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture". The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will BEST accomplish the analyst’s objectives?

  • A. tcpdump -w packetCapture
  • B. tcpdump -a packetCapture
  • C. tcpdump -n packetCapture
  • D. nmap -v > packetCapture
  • E. nmap -oA > packetCapture
Suggested Answer: A

Comments

Comptia_Secret_Service
Highly Voted 2 years, 4 months ago
Selected Answer: A
The key phrase is "analyzed at a later time". The -w flag for tcpdump will allow you to save the result into a file for "later" analysis. Y'all are clowns lol.
upvoted 13 times
2Fish
2 years, 1 month ago
Bahahah... correct! -w for the win.
upvoted 3 times
iraidesc
Most Recent 2 years, 2 months ago
Selected Answer: A
The answer is A
upvoted 1 times
bob12356
2 years, 4 months ago
Selected Answer: A
The -w flag allows tcpdump to save the captured packets in a file. The file will be in a binary format that can be processed by other tools, but not easily readable by humans. The other options are incorrect because: -a is not a valid flag for tcpdump. -n is a flag that tells tcpdump to not convert IP addresses and port numbers to names, but it does not affect the output format of the packets. nmap is a tool used for network discovery and security auditing, but it is not the best choice for capturing packets. The -v and -oA flags are also not relevant for packet capture.
upvoted 3 times
mrodmv
2 years, 4 months ago
Selected Answer: A
-w file Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. https://www.tcpdump.org/manpages/tcpdump.1.html
upvoted 3 times
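An added example, not part of the thread and not tcpdump's own code: a minimal Python reader for the classic pcap savefile layout, the binary format `tcpdump -w` writes by default, that counts records and flags packets cut short by the snapshot length or by an interrupted capture. The function names and the sample bytes are constructed for this illustration.

```python
import struct

# First four bytes of a classic pcap savefile -> (struct byte order, timestamp unit)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}

def summarize_pcap(data):
    """Walk an in-memory pcap savefile and count records without decoding packets."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap savefile")
    order, unit = MAGICS[data[:4]]
    # Global header after the magic: version, thiszone, sigfigs, snaplen, link type
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        if len(data) - offset < 16:
            incomplete = True      # file ends inside a record header
            break
        # Record header: ts seconds, ts fraction, captured length, on-wire length
        _sec, _frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            incomplete = True      # file ends inside packet data
            break
        packets += 1
        truncated += incl_len < orig_len   # snaplen cut this packet short
        offset += 16 + incl_len
    return {"version": (major, minor), "timestamp_unit": unit, "snaplen": snaplen,
            "linktype": linktype, "packets": packets,
            "truncated": truncated, "incomplete": incomplete}

def build_sample():
    """Constructed sample: little-endian pcap 2.4, snaplen 64, Ethernet, two records."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    whole = struct.pack("<IIII", 1700000000, 0, 60, 60) + bytes(60)
    cut = struct.pack("<IIII", 1700000001, 500, 64, 1514) + bytes(64)
    return header + whole + cut

if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```

To run it against a real capture, pass the file's bytes, for example `summarize_pcap(open("packetCapture", "rb").read())`.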
mrodmv
2 years, 4 months ago
Selected Answer: B
https://www.tcpdump.org/manpages/tcpdump.1.html
upvoted 1 times
Frog_Man
2 years, 4 months ago
B - tcpdump -a prints in ASCII
upvoted 1 times
Frog_Man
2 years, 4 months ago
Note how it is typed on the actual test. There is an upper case A, but not a lower case a for tcpdump, so the selection "-w" would be a better answer.
upvoted 1 times
Frog_Man
2 years, 4 months ago
B - prints in ASCII format
upvoted 1 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other