CompTIA Security Plus Mock Test Q635

Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

A. Logical token
B. Performance monitor
C. Public key infrastructure
D. Trusted platform module

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
Performance Monitor in a Windows system can monitor many different ‘counters’. For TCP network connections, you can monitor specific TCP related counters including the following:
Connection Failures
Connections Active
Connections Established
Connections Passive
Connections Reset
Segments Received/sec
Segments Retransmitted/sec
Segments Sent/sec
Total Segments/sec
By monitoring the counters listed above, you will be able to detect security-related TCP connection anomalies.

Incorrect Answers:
A: A logical token is used in Token Ring networks. A logical token is not a tool that would provide information regarding TCP connection anomalies.
C: A Public key infrastructure (PKI) describes a system of providing certificates for public key cryptography. For example, a Certificate Authority would provide digital certificates to computers or users in the network for secured communications. A PKI is not a tool that would provide information regarding TCP connection anomalies.
D: A Trusted platform module is a chip that securely stores cryptographic keys and other data. It is not a tool that would provide information regarding TCP connection anomalies.