CompTIA Security Plus Mock Test Q573

Which of the following network devices is used to analyze traffic between various network interfaces?

A. Proxies
B. Firewalls
C. Content inspection
D. Sniffers


Correct Answer: D
Section: Threats and Vulnerabilities

Explanation:
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, traffic can be broadcast to all computers in the same segment. Computers do not normally read this traffic, because they are told to ignore traffic to and from other computers. A sniffer changes this: the sniffer software commands the Network Interface Card (NIC) to stop ignoring that traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to capture everything that is flowing in the network, which can lead to unauthorized access to sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.

Incorrect Answers:
A: Web proxies tend to be used for caching web page content and/or restricting access to websites to aid compliance with company Internet usage policies. They are not used to analyze traffic between various network interfaces.
B: A firewall is designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All data packets entering or leaving the intranet pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria, typically a combination of port and IP address. A firewall is not used to analyze traffic between various network interfaces.
C: Content inspection is the process of examining content, typically web content, as it is downloaded to a client computer. The content of a web page is examined, but the data packets themselves are not captured and examined as they are with a packet sniffer. Therefore this answer is incorrect.

References:
http://www.techopedia.com/definition/4113/sniffer