Comptia Security Plus Mock Test Q19

Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?

A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer

Correct Answer: B
Section: Network Security

Explanation:
A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.

Incorrect Answers:
A: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated
with email, but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/blogs. Because spam consumes about 89
percent of all email traffic (see the Intelligence Reports at www.messagelabs.com), it’s essential to filter and block spam at every opportunity.

C: A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It’s intended to be
an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.

D: A load balancer is used to spread or distribute network traffic load across several network links or network devices.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 18, 19