Why should an engineer use a full packet capture to investigate a security breach?
A. It captures the TCP flags set within each packet for the engineer to focus on suspicious packets to identify malicious activity.
B. It collects metadata for the engineer to analyze, including IP traffic packet data that is sorted, parsed, and indexed.
C. It provides the full TCP streams for the engineer to follow the metadata to identify the incoming threat.
D. It reconstructs the event, allowing the engineer to identify the root cause by seeing what took place during the breach.
The Answer Is: D
Explanation:
Full packet capture (FPC) is a valuable tool for investigating security breaches because it provides comprehensive data that can be used to reconstruct the event and identify the root cause. By capturing every packet, FPC allows engineers to see exactly what took place during the breach, including the TCP flags set within each packet, which can help focus on suspicious packets to identify malicious activity. It also collects metadata, including IP traffic packet data that is sorted, parsed, and indexed, and provides the full TCP streams to follow the metadata to identify the incoming threat.