CompTIA Security Plus Mock Test Q639

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

A. Honeypot
B. Port scanner
C. Protocol analyzer
D. Vulnerability scanner

Correct Answer: C
Section: Threats and Vulnerabilities

Explanation:
A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. By capturing and analyzing the packets sent between the systems on the network, Ann would be able to quantify the amount of traffic on the network.
Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).

Incorrect Answers:
A: A honeypot is a system whose purpose is to be attacked. An administrator can watch and study the attack to research current attack methodologies. A honeypot is not used to monitor device security. It is not used to calculate the volume of traffic on a network.
B: A port scanner is typically a software application used to scan a system, such as a computer or firewall, for open ports. A malicious user would attempt to access a system through an open port. A security administrator would compare the list of open ports against a list of ports that need to be open so that unnecessary ports can be closed, thus reducing the vulnerability of the system. A port scanner is not used to calculate the volume of traffic on a network.
D: A vulnerability scanner is software designed to assess computers, computer systems, networks or applications for weaknesses. This includes applications or default configurations posing a security risk. A vulnerability scanner is not used to calculate the volume of traffic on a network.

References:
http://en.wikipedia.org/wiki/Wireshark