nerdexam
EC-Council

312-50V10 · Question #560

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was capture

The correct answer is A. Protocol analyzer. A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer--or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digit

Evading IDS, Firewalls, and Honeypots

Question

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Options

  • AProtocol analyzer
  • BIntrusion Prevention System (IPS)
  • CNetwork sniffer
  • DVulnerability scanner

How the community answered

(22 responses)
  • A
    73% (16)
  • B
    9% (2)
  • C
    14% (3)
  • D
    5% (1)

Explanation

A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer--or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. A packet analyzer can analyze packet traffic saved in a PCAP file. https://en.wikipedia.org/wiki/Packet_analyzer

Topics

#protocol analyzer#PCAP analysis#IDS false positive#packet inspection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice