EC-Council

312-50V9 · Question #441

312-50V9 Question #441: Real Exam Question with Answer & Explanation

The correct answer is A: Protocol analyzer.

Question

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Options

  • A. Protocol analyzer
  • B. Intrusion Prevention System (IPS)
  • C. Network sniffer
  • D. Vulnerability scanner

Explanation

A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. A packet analyzer can analyze packet traffic saved in a PCAP file.

Source: https://en.wikipedia.org/wiki/Packet_analyzer
