CompTIA Security Plus Mock Test Q641

Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?

A. Switches
B. Protocol analyzers
C. Routers
D. Web security gateways

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
A protocol analyzer (also called a packet sniffer or network analyzer) is a hardware device or, more commonly, a software program that captures the frames sent between devices on a network and decodes their headers. By capturing and decoding the packets, Pete can see the protocol type (EtherType and IP protocol number), the source and destination addresses and ports, and header flags such as the TCP SYN/ACK/FIN bits, which is exactly the detail needed for troubleshooting. One practical caveat: on a switched network the analyzer only sees traffic addressed to its own port (plus broadcasts) unless the switch mirrors traffic to it (a SPAN/mirror port) or a network TAP is placed in line.
Well-known software protocol analyzers include Wireshark (formerly Ethereal), its command-line counterpart tcpdump, and Microsoft's Message Analyzer (the successor to Network Monitor).
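To make concrete what "type, source, and flags" means at the packet level, the following added example (it is not part of the original question or of any of the tools named above) decodes a single captured Ethernet/IPv4/TCP frame the way a protocol analyzer's dissector does: EtherType and IP protocol give the type, the IP header gives the source, and the TCP header byte at offset 13 gives the flags. The frame itself is constructed inline (a TCP SYN from 192.0.2.10:40000 to 192.0.2.80:443, addresses from the RFC 5737 documentation range, checksums left at zero) so the script runs offline; the field names in the returned dict are this example's own choice, not Wireshark's display filter names.

```python
"""Minimal protocol-analyzer style decoder for one Ethernet/IPv4/TCP frame.
Added example, not from the original page; standard library only."""
import struct

ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_BITS = [  # (bit mask, name), low bit first; same byte Wireshark decodes
    (0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
    (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"),
]


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def decode_tcp_flags(flags_byte):
    return [name for mask, name in TCP_FLAG_BITS if flags_byte & mask]


def decode_frame(frame):
    """Decode Ethernet II -> IPv4 -> TCP and return the decoded fields.

    Raises ValueError for truncated or inconsistent headers, the cases a real
    analyzer would mark as malformed. Non-IPv4 or non-TCP frames are decoded
    as far as the headers allow and returned without the missing layers.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    result = {
        "eth_src": mac_str(src_mac),
        "eth_dst": mac_str(dst_mac),
        "ethertype": ETHERTYPE_NAMES.get(ethertype, hex(ethertype)),
    }
    if ethertype != 0x0800:
        return result  # only the layer 2 view is available (e.g. ARP)

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("EtherType says IPv4 but version field is not 4")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, 20 without options
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    result.update({
        "ip_src": ip_str(src),
        "ip_dst": ip_str(dst),
        "ip_ttl": ttl,
        "ip_proto": IP_PROTO_NAMES.get(proto, str(proto)),
        "ip_df": bool(flags_frag & 0x4000),  # IP "Don't Fragment" flag
    })
    if proto != 6:
        return result  # UDP/ICMP payload decoding is out of scope here

    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, _off, flags, _win, _tcsum, _urg = \
        struct.unpack("!HHIIBBHHH", tcp[:20])
    result.update({
        "tcp_src_port": sport,
        "tcp_dst_port": dport,
        "tcp_seq": seq,
        "tcp_flags": decode_tcp_flags(flags),
    })
    return result


def build_syn_frame():
    """Constructed sample capture: TCP SYN 192.0.2.10:40000 -> 192.0.2.80:443."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), 0x0800)
    # version/IHL=0x45, total length 40, DF set (0x4000), TTL 64, proto 6 (TCP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    # data offset 5 (20-byte header), flags byte 0x02 = SYN only
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    for key, value in decode_frame(build_syn_frame()).items():
        print(f"{key:>14}: {value}")
```

Running the script prints the same summary an analyzer shows for this frame: EtherType IPv4, protocol TCP, source 192.0.2.10 port 40000, flags [SYN]. Feeding it a truncated buffer raises ValueError rather than returning guessed fields, which is the behaviour to want from any dissector that will be pointed at untrusted traffic.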

Incorrect Answers:
A: A switch is a layer 2 network device that forwards Ethernet frames: it learns which MAC address sits behind each port and sends a frame received on one port out only the port (or ports) leading to the destination MAC address. A switch receives and transmits frames but does not decode or display their contents; at most it can copy traffic to a mirror (SPAN) port where a protocol analyzer is attached.
C: A router is a layer 3 network device that forwards packets according to the destination IP address. Like a switch, it receives and transmits packets without decoding or displaying the type, source, and flags of each one.
D: A web security gateway can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the "web protection" can range from a standard virus scanner on incoming content to monitoring outgoing user traffic for policy violations. Things the gateway can detect and/or block include inappropriate content, attempts to establish a peer-to-peer connection with a file-sharing site, instant messaging, and unauthorized tunneling. Most web security gateways can also be configured to block known HTTP/HTML exploits, strip ActiveX tags, strip Java applets, and block or strip cookies. It filters web (HTTP/HTTPS) traffic according to policy; it is not a general-purpose tool for examining the type, source, and flags of arbitrary packets on the network.

References:
http://en.wikipedia.org/wiki/Wireshark