nerdexam
Exams212-82Questions#134
EC-CouncilEC-Council

212-82 · Question #134

212-82 Question #134: Real Exam Question with Answer & Explanation

The correct answer is B: Traffic seems normal SSH and VNC are commonly used by programmers for secure remote. The observed traffic patterns of SSH and VNC connections between a development server and programmer workstations during business hours are normal, as these protocols are standard for secure remote access and collaboration in development environments.

Submitted by jian89· Mar 6, 2026Cloud Security Operations & Incident Response

Question

As a network security analyst for a video game development company, you are responsible for monitoring the traffic patterns on the development server used by programmers. During business hours, you notice a steady stream of data packets moving between the server and internal programmer workstations. Most of this traffic is utilizing TCP connections on port 22 (SSH) and port 5900 (VNC). Based on this scenario, what does it describe?

Options

  • ATraffic appears suspicious - The presence of encrypted connections might indicate attempts to
  • BTraffic seems normal SSH and VNC are commonly used by programmers for secure remote
  • CTraffic is because of malware infection - Frequently used SSH & VNC Ports could indicate
  • DThe situation is inconclusive - Further investigation is necessary to determine the nature of the

Explanation

The observed traffic patterns of SSH and VNC connections between a development server and programmer workstations during business hours are normal, as these protocols are standard for secure remote access and collaboration in development environments.

Common mistakes.

  • A. Encrypted connections like SSH are a cybersecurity best practice for secure communication and do not inherently indicate suspicious activity; rather, they suggest legitimate secure remote access.
  • C. While malware can utilize various ports, attributing the traffic solely to a malware infection without additional indicators of compromise, especially when the activity aligns with normal development operations, is an incorrect assumption.
  • D. Based on the context of a development server, programmers, and common usage of SSH and VNC during business hours, the situation is not inconclusive; the traffic pattern is consistent with legitimate and expected activities.

Concept tested. Network traffic analysis, common service ports

Reference. https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview

Topics

#Network monitoring#SSH#VNC#Traffic analysis

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 212-82 PracticeBrowse All 212-82 Questions