CompTIA Security Plus Mock Test Q638

Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

A. Protocol analyzer
B. Baseline report
C. Risk assessment
D. Vulnerability scan


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing and analyzing the packets sent between applications on systems that are not communicating properly could help determine the cause of the issue.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).

Incorrect Answers:
B: A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline). It is not used to troubleshoot communication issues between applications.
C: A risk assessment is the process of evaluating threats and vulnerabilities to the network and/or I.T. infrastructure. It is not used to troubleshoot communication issues between two applications.
D: A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment. It is not used to troubleshoot communication issues between two applications.

References:
http://en.wikipedia.org/wiki/Wireshark