What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
A. Protocol analyzer
B. Intrusion Prevention System (IPS)
C. Network sniffer
D. Vulnerability scanner

EC-Council Certified Ethical Hacker v11


3 thoughts on “What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?”

1. No it shouldn’t.
   A protocol analyzer tool can open a PCAP file and read the contents of all captured traffic in order to find out if that sequence was legit or not. The IPS would not be a mere tool but instead a server and it would prevent that whole traffic.
   So A is correct.
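What a protocol analyzer actually does with the saved capture, as an added example that is not part of the original page or of the comment above: it opens the PCAP, walks the records and decodes each frame through Ethernet, IPv4 and TCP down to the application payload, which is the text the administrator compares against the IDS signature to decide whether the alert was a false positive. A full analyzer such as Wireshark does the same with far more protocols; this stand-in keeps to the classic libpcap format. The capture, addresses and HTTP exchange are constructed in memory so the script runs offline.

```python
"""Minimal protocol analyzer: open a PCAP and decode Ethernet/IPv4/TCP.

Added example, not code from the original page. The capture is a constructed
libpcap file (LINKTYPE_ETHERNET, little-endian) built in memory; the
addresses and payloads are made-up sample data.
"""
import struct

PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1   # as read little-endian
LINKTYPE_ETHERNET, ETHERTYPE_IPV4, IPPROTO_TCP = 1, 0x0800, 6
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; a header with a valid checksum yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def build_tcp_frame(src, dst, sport, dport, flags, payload=b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for the sample capture.
    The TCP checksum is left zero; the dissector below does not verify it."""
    eth = bytes.fromhex("001122334455" "0a0b0c0d0e0f") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0x4000, 64, IPPROTO_TCP, 0, _ip(src), _ip(dst))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill checksum
    return eth + ip + tcp + payload


def build_pcap(frames) -> bytes:
    """libpcap file: 24-byte global header, then 16-byte record header + frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def parse_pcap(data: bytes) -> list:
    """Return [(ts_sec, frame), ...] for every record; handles both byte orders."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    linktype = struct.unpack_from(endian + "HHiIII", data, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off, records = 24, []
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % off)
        records.append((ts_sec, frame))
        off += 16 + incl_len
    return records


def dissect(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP into a summary dict."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return {"proto": "non-IPv4"}
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return {"proto": "non-IPv4"}
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    info = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0}
    if ip[9] != IPPROTO_TCP:
        info["proto"] = "IP proto %d" % ip[9]
        return info
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, offres, flags = struct.unpack_from("!HHIIBB", tcp, 0)
    info.update(proto="TCP", sport=sport, dport=dport,
                flags="|".join(n for b, n in TCP_FLAG_BITS if flags & b),
                payload=tcp[(offres >> 4) * 4:])     # data after TCP header + options
    return info


def request_lines(pcap: bytes, server_port: int = 80) -> list:
    """First line of every non-empty client payload sent to the server port:
    the text an analyst checks against what the IDS signature claims it saw."""
    lines = []
    for _ts, frame in parse_pcap(pcap):
        p = dissect(frame)
        if p.get("proto") == "TCP" and p["dport"] == server_port and p["payload"]:
            lines.append(p["payload"].split(b"\r\n", 1)[0].decode("ascii", "replace"))
    return lines


CLIENT, SERVER = "203.0.113.10", "198.51.100.20"        # constructed addresses
SAMPLE_PCAP = build_pcap([                                 # constructed capture
    build_tcp_frame(CLIENT, SERVER, 40001, 80, 0x02),        # SYN
    build_tcp_frame(SERVER, CLIENT, 80, 40001, 0x12),        # SYN|ACK
    build_tcp_frame(CLIENT, SERVER, 40001, 80, 0x10),        # ACK
    build_tcp_frame(CLIENT, SERVER, 40001, 80, 0x18,         # PSH|ACK + request
                    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    build_tcp_frame(SERVER, CLIENT, 80, 40001, 0x18,
                    b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
])

if __name__ == "__main__":
    for ts, frame in parse_pcap(SAMPLE_PCAP):
        p = dissect(frame)
        print(ts, p.get("src"), "->", p.get("dst"), p.get("flags", p["proto"]),
              p.get("payload", b"")[:40])
    print("request lines:", request_lines(SAMPLE_PCAP))
```

Run it as a script to see each record's addresses, TCP flags and payload; `request_lines()` is the piece that answers the question in the post, since it surfaces exactly what the client asked the Web server for. An IPS or vulnerability scanner has no way to look inside a file that has already been captured, which is why the analyzer is the right tool here.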
