CompTIA Security Plus Mock Test Q637

Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?

A. Protocol analyzer
B. Router
C. Firewall
D. HIPS


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. Capturing and analyzing the packets sent from two systems that are not communicating properly could help determine the cause of the issue.
Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).

Incorrect Answers:
B: A router is used to route traffic between hosts on different networks. It is not used to capture and analyze network traffic.
C: A firewall is used to block unauthorized traffic from accessing hosts on a network. It is not used to capture and analyze network traffic.
D: A HIPS (Host Intrusion Prevention System) is software installed on a host that monitors the host for suspicious activity by analyzing events occurring within that host, with the aim of detecting and preventing intrusion. It is not used to capture and analyze network traffic.
