GCIH Question #586: Real Exam Question with Answer & Explanation
The correct answer is D: 06:45 to 7:30.
Question
During routine examination of bandwidth data for your company's DMZ, an anomaly was discovered with the activity to a public-facing, download-only FTP server. To begin your investigation, traffic and log files from which time frame should be reviewed?
Exhibit
Options
- A. 14:15 to 15:30
- B. 09:00 to 12:45
- C. 00:00 to 04:30
- D. 06:45 to 7:30
Explanation
Because the machine that this bandwidth chart describes is a public, download-only FTP server, a large spike in upload (inbound) traffic is worth further investigation. Normal FTP download traffic has a small amount of inbound traffic and a large amount of outbound traffic. The three incorrect answers all exhibit this behavior.
