What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
A. Protocol analyzer
B. Intrusion Prevention System (IPS)
C. Network sniffer
D. Vulnerability scanner
Correct Answer: A
Explanation/Reference:
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. A packet analyzer can analyze packet traffic saved in a PCAP file.
References: https://en.wikipedia.org/wiki/Packet_analyzer
It was network sniffer according to my professor.
It should be IPS.
No it shouldn’t.
A protocol analyzer tool can open a PCAP file and read the contents of all captured traffic in order to find out if that sequence was legit or not. The IPS would not be a mere tool but instead a server and it would prevent that whole traffic.
So A is correct.