Exam 312-50v11 topic 1 question 120 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 120
Topic #: 1

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

  • A. Protocol analyzer
  • B. Network sniffer
  • C. Intrusion Prevention System (IPS)
  • D. Vulnerability scanner
Suggested Answer: A

Comments

Snipa_x
Highly Voted 1 year, 8 months ago
You can use a sniffer to create a pcap file, but you need a protocol analyzer. An example of a protocol analyzer is Wireshark, which you can clearly use to analyze a pcap file. So yeah, the answer is correct.
upvoted 35 times
Silascarter
1 year, 7 months ago
Great job you are doing in all your explanations. Thanks
upvoted 7 times
Daniel8660
Highly Voted 6 months, 1 week ago
Selected Answer: A
A protocol analyzer is a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel. Its purpose is to monitor network usage and identify malicious network traffic generated by hacking software installed on the network. (P.1106/1090)
upvoted 5 times
Urltenm
Most Recent 1 year, 2 months ago
Wireshark is enough for all tasks...
upvoted 2 times
ANDRESCB1988
1 year, 9 months ago
correct
upvoted 1 times
Tara8595
1 year, 9 months ago
Protocol analyzer = Packet sniffer
upvoted 4 times
brdweek
1 year, 8 months ago
yea Protocol analyzer is in Packet sniffer hmm
upvoted 1 times
ms200
1 year, 9 months ago
Not network sniffer?
upvoted 2 times
spydog
1 year, 6 months ago
A sniffer in general can be used only to capture the traffic. A protocol analyser is needed to read the capture, parse it properly and provide you an easy way to read the content. The confusion is that the most well-known tool - Wireshark - can do both, but those are two different roles.
upvoted 5 times
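Added example, not part of any comment above and not code from Wireshark or any other tool: a minimal sketch of the "analyzer" role the thread describes, reading a saved classic-format PCAP and decoding it layer by layer (Ethernet, IPv4, TCP, first payload line) so the flagged request can be read and judged. The capture is constructed in `build_sample_pcap`, with addresses from documentation ranges and a made-up host name; the function names are hypothetical.

```python
import struct

def build_sample_pcap():
    """Constructed capture: one Ethernet/IPv4/TCP packet carrying an HTTP request."""
    http = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    frame = eth + ip + tcp + http
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def analyze(pcap):
    """Decode each record layer by layer; return one dict per IPv4/TCP packet."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the file headers
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    packets, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Ethernet: EtherType 0x0800 means IPv4 follows the 14-byte header.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
        tcp_at = 14 + ihl
        if frame[14] >> 4 != 4 or frame[23] != 6 or len(frame) < tcp_at + 20:
            continue                              # not IPv4/TCP, or truncated
        total_len = struct.unpack_from("!H", frame, 16)[0]
        sport, dport = struct.unpack_from("!HH", frame, tcp_at)
        data_off = (frame[tcp_at + 12] >> 4) * 4  # TCP header length in bytes
        payload = frame[tcp_at + data_off: 14 + total_len]
        packets.append({
            "src": ".".join(map(str, frame[26:30])), "sport": sport,
            "dst": ".".join(map(str, frame[30:34])), "dport": dport,
            "flags": frame[tcp_at + 13],
            "first_line": payload.split(b"\r\n", 1)[0].decode("ascii", "replace"),
        })
    return packets

if __name__ == "__main__":
    for pkt in analyze(build_sample_pcap()):
        print(pkt)
```

A sniffer's job ends once the bytes returned by `build_sample_pcap` are on disk; everything in `analyze` is the protocol-analysis step that turns them into fields an analyst can compare against the IDS alert.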