GCED Question #87: Real Exam Question with Answer & Explanation

The correct answer is C. Filter traffic using ip.src == 10.10.50.100 and tcp.dstport == 80, and use Follow TCP stream. See the full explanation below for the reasoning.

Question

An internal host at IP address 10.10.50.100 is suspected of communicating with a command and control whenever a user launches a browser window. What features and settings of Wireshark should be used to isolate and analyze this network traffic?

Options

  • A. Filter traffic using ip.src == 10.10.50.100 and tcp.srcport == 80, and use Expert Info
  • B. Filter traffic using ip.src == 10.10.50.100 and tcp.dstport == 53, and use Expert Info
  • C. Filter traffic using ip.src == 10.10.50.100 and tcp.dstport == 80, and use Follow TCP stream
  • D. Filter traffic using ip.src == 10.10.50.100, and use Follow TCP stream
