Matt, an administrator, notices a flood fragmented packet and retransmits from an email server.
After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence
again. Which of the following utilities was he MOST likely using to view this issue?
Web application firewall
A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a
protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either
case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or
onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and
scripts or manually.
A: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove
unwanted messages (that is, spam). Spam is most commonly associated with email, but spam also exists in
instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/blogs.
Because spam consumes about 89 percent of all email traffic (see the Intelligence Reports at
www.messagelabs.com), it’s essential to filter and block spam at every opportunity.C: A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of
communication rules for a website and all visitors. It’s intended to be an application-specific firewall to prevent
cross-site scripting, SQL injection, and other web application attacks.
D: A load balancer is used to spread or distribute network traffic load across several network links or network
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 18, 19