CAS-003 · Question #494
CAS-003 Question #494: Real Exam Question with Answer & Explanation
The correct answer is D: Review network and traffic logs. To understand how an unknown node operates on the network, two complementary approaches are most effective. Reviewing network and traffic logs (D) reveals what the node has been communicating with, which ports and protocols it uses, what data it sends and receives, and which othe
Question
Options
- AUse reverse engineering and techniques
- BAssess the node within a continuous integration environment
- CEmploy a static code analyzer
- DReview network and traffic logs
- EUse a penetration testing framework to analyze the node
- FAnalyze the output of a ping sweep
Explanation
To understand how an unknown node operates on the network, two complementary approaches are most effective. Reviewing network and traffic logs (D) reveals what the node has been communicating with, which ports and protocols it uses, what data it sends and receives, and which other systems it interacts with - all of which characterize its behavior and role without actively probing it. Using a penetration testing framework (E) (such as Metasploit or Nmap-based scanning) allows the engineer to actively probe the node: discovering open ports, running services, OS fingerprinting, and potential vulnerabilities, painting a picture of what the node does. Assessing within a CI environment (B) is a software development practice irrelevant here. A static code analyzer (C) requires access to source code. A ping sweep (F) only confirms connectivity and IP addresses, revealing nothing about how the node operates. Reverse engineering (A) could be useful for firmware/software but is not a network-level approach to understanding node behavior.
Community Discussion
No community discussion yet for this question.