
200-201 Question #182: Real Exam Question with Answer & Explanation

The correct answer is A: by most active source IP.

Submitted by valeria.br · Mar 6, 2026 · Network Intrusion Analysis

Question

An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?

Options

  • A. by most active source IP
  • B. by most used ports
  • C. based on the protocols used
  • D. based on the most used applications

Explanation

By focusing on the most active or aggressive source IP address generating the intensive network scanning traffic, the analyst can isolate the suspicious host. This approach involves identifying the source IP address that's responsible for the majority of the scanning activities, allowing the security team to isolate and investigate the system associated with that particular IP address.

Topics

#network scanning · #traffic analysis · #incident investigation · #source IP
