Matt, an administrator, notices a flood fragmented packet and retransmits from an email server.
After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in
sequence again. Which of the following utilities was he MOST likely using to view this issue?

A.
Spam filter

B.
Protocol analyzer

C.
Web application firewall

D.
Load balancer

Explanation:
A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a
sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host
system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic
and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with
complex automated tools and scripts or manually.
Incorrect Answers:
A: A spam filter is a software or hardware tool whose primary purpose is to identify and
block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email,
but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web
discussions/forums/comments/blogs. Because spam consumes about 89 percent of all email traffic (see
the Intelligence Reports at www.messagelabs.com), it’s essential to filter and block spam at every
opportunity.C: A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict
set of communication rules for a website and all visitors. It’s intended to be an application-specific
firewall to prevent cross-site scripting, SQL injection, and other web application attacks.
D: A load balancer is used to spread or distribute network traffic load across several network links or
network devices.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 18, 19