EC-Council 312-50V9 Question #382: Real Exam Question with Answer & Explanation
The correct answer is C: Protocol analyzer.
Question
A possibly malicious sequence of packets sent to a web server has been captured by an Intrusion Detection System (IDS) and saved to a PCAP file. As a network administrator, you need to determine whether these packets are indeed malicious. What tool are you going to use?
Options
- A. Intrusion Prevention System (IPS)
- B. Vulnerability scanner
- C. Protocol analyzer
- D. Network sniffer
Explanation
A protocol analyzer (for example Wireshark, which the reference below documents) is the correct tool: it opens a saved PCAP file and decodes the captured packets at the protocol level so you can inspect what was actually sent to the web server and decide whether the traffic is malicious.
Common mistakes.
- A. An Intrusion Prevention System operates inline on live network traffic to block threats in real time and cannot open or analyze saved PCAP files.
- B. A vulnerability scanner probes live hosts or applications for known weaknesses and is not designed to parse or analyze packet capture files.
- D. A network sniffer captures live traffic from a network interface and is optimized for collection rather than the deep protocol-level forensic decoding of a pre-saved PCAP file.
Concept tested. Protocol analyzer use for PCAP forensic packet analysis.
Reference. https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html