PrepAway - Latest Free Exam Questions & Answers

Which of the following tool or technology would work BE…

While reviewing the monthly internet usage, it is noted that there is a large spike in traffic classified as “unknown” that does not appear to be within the bounds of the organization's Acceptable Use Policy.
Which of the following tools or technologies would work BEST for obtaining more information on this traffic?

A. Firewall logs

B. IDS logs

C. Increased spam filtering

D. Protocol analyzer

2 Comments on “Which of the following tool or technology would work BE…

  1. JohnnyMac says:

    I think if you were watching in real time, a protocol analyzer would be best, but this is referencing something that happened prior (reviewing monthly usage). I would guess that A: Firewall Logs would be most appropriate. The usage doesn’t fall within the “Acceptable Use Policy”; however, I don’t believe it would be logged by the IDS unless the IDS thought the traffic was an intrusion. The firewall would log it all.

    This: https://www.sans.org/reading-room/whitepapers/firewalls/firewall-logs-811 has some good info on firewalls.




