Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?
Bandwidth monitors can be used to capture network traffic and identify any unusual traffic patterns, such as a spike in traffic during specific times of the day. This can help security analysts investigate and identify any potential malicious activity. Web metadata is not likely to be useful in investigating network traffic, system files are typically used to troubleshoot and diagnose system issues, and correlation dashboards are used to analyze and present data from multiple sources in a single view.
-B is correct, Bandwidth monitors
Security analysts should use bandwidth monitors to investigate the issue of the network becoming flooded with malicious packets at specific times of the day. Bandwidth monitors can help identify unusual spikes in network traffic and can be used to monitor bandwidth usage by specific hosts or applications. By analyzing the data collected by the bandwidth monitors, analysts can identify the source and nature of the malicious traffic.
The packets are already identified as malicious. The spike is in traffic and the pattern is already noticed. That is information that a bandwidth monitor will provide. The investigation here is to determine the possible sources and causes of the spike, and that will be provided by correlation logs. I choose option D.
The best way for analysts to investigate this issue is through D. Correlation dashboards.
Correlation dashboards allow analysts to visualize and correlate different data points in real-time, making it easier to identify patterns and anomalies such as the flooding of malicious packets at specific times. These dashboards can integrate data from various sources, including network traffic, system logs, and security alerts, providing a comprehensive view of the network’s security posture.
While options A, B, and C can provide useful information, they may not offer the holistic view or real-time analysis capabilities that a correlation dashboard can. Therefore, a correlation dashboard would be the most effective tool for investigating this issue.
Correlation dashboards are part of comprehensive security systems that can integrate various data sources, including bandwidth monitors, to provide a detailed analysis of security events. These dashboards not only help in identifying the spikes in traffic but also assist in pinpointing the nature of the traffic, the potential sources, and any patterns associated with the malicious packets. This makes them highly valuable for investigating complex network issues like the one described.
I go with D: correlation dashboards are tools that allow security analysts to monitor and analyze multiple sources of data and events in real time. They can help identify patterns, trends, anomalies and threats by correlating different types of data and events such as network traffic, logs, alerts, and incidents. They can also help investigate network flooding by showing source, destination, volume and type of malicious packets and their impact on the network performance and availability.
Reference: https://www.comptia.org/blog/what-is-a-correlation dashboard.
Bandwidth Monitors
"Chapter 8, “Using Risk Management Tools,” discusses several tools used to capture network traffic, and these can be used as bandwidth monitors for forensic investigations. It’s common for administrators to keep these packet captures.
By comparing captures taken at different times, investigators can determine changes in network traffic. If an organization recently suffered a data breach, investigators may be able to identify when there was an increase in outgoing traffic. This may help them determine when the network was first attacked, and maybe even the first computer that was infected with malware."
-Security+ Get Certified Get Ahead SY0-601 by Darril Gibson
In more detail for those interested...
A bandwidth monitor tracks bandwidth use over all areas of the network, including devices, applications, servers, WAN, and Internet links, and that information will assist you in keeping an eye on inbound and outbound bandwidth within your network and help you identify which hosts are using the most bandwidth. One benefit of deploying bandwidth monitors is that they map out historical trends for capacity planning. With bandwidth monitors, you can quickly identify abnormal bandwidth usage, top talkers, and unique communications, all useful in finding infected systems that may be exfiltrating data or scanning the network looking to spread to other hosts....
...Bandwidth monitors provide critical information before, during, and after investigations. Incident responders can use this baseline information to determine when the attacked host started to overcommunicate outbound or to spread internally. The historical information is key to determining “normal” for the attacked network and host, what is normal communication for that specific host, and what is normal for the network in general. There are several developers of bandwidth monitors, and some devices have built-in bandwidth logging and monitoring.
-Pearson IT Security+ SY0-601 Cert Guide by Santos, Taylor & Mlodzianowski
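To make the two quoted passages concrete, here is an added example (not from either book, and not part of any comment above) of the analysis a bandwidth monitor's history supports: bucket per-flow byte counts by hour, compare each bucket against the network-wide median to find spikes, check whether the spikes recur at the same hour of the day, and list the top talkers inside each spike. The flow records, hosts and addresses are constructed for the illustration; `build_sample_flows` generates three days of steady traffic plus a hypothetical daily burst from one host at 14:00.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median


def build_sample_flows():
    """Constructed flow records (hypothetical, not real data): three days of
    steady background traffic from three workstations, plus a burst from
    10.0.0.66 every day at 14:00. Format: timestamp,src,dst,bytes."""
    lines = []
    for day in (1, 2, 3):
        for hour in range(24):
            for host in ("10.0.0.11", "10.0.0.12", "10.0.0.13"):
                lines.append(f"2024-05-0{day}T{hour:02d}:15:00,{host},10.0.0.1,4000")
            if hour == 14:
                lines.extend(f"2024-05-0{day}T14:30:00,10.0.0.66,10.0.0.1,60000"
                             for _ in range(50))
    return lines


def parse_flow(line):
    """Parse one 'timestamp,src,dst,bytes' record into a tuple."""
    ts, src, dst, nbytes = line.strip().split(",")
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def hourly_totals(records):
    """Sum bytes into (date, hour) buckets, the granularity a bandwidth
    monitor's history typically exposes."""
    totals = defaultdict(int)
    for ts, _src, _dst, nbytes in records:
        totals[(ts.date().isoformat(), ts.hour)] += nbytes
    return dict(totals)


def find_spikes(totals, factor=3.0):
    """Flag buckets above `factor` times the network-wide median hourly
    volume; the median is the 'normal for the network' baseline and is
    not dragged upward by the spikes themselves."""
    baseline = median(totals.values())
    return sorted((bucket, total) for bucket, total in totals.items()
                  if total > factor * baseline)


def recurring_hours(spikes):
    """Hours of the day that spike on more than one date, i.e. the
    time-of-day pattern the question describes."""
    dates_by_hour = defaultdict(set)
    for (_date, hour), _total in spikes:
        dates_by_hour[hour].add(_date)
    return sorted(h for h, dates in dates_by_hour.items() if len(dates) > 1)


def top_talkers(records, date, hour, n=3):
    """Rank source hosts by bytes sent inside one flagged bucket."""
    per_src = defaultdict(int)
    for ts, src, _dst, nbytes in records:
        if ts.date().isoformat() == date and ts.hour == hour:
            per_src[src] += nbytes
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:n]


def investigate(lines, factor=3.0):
    """Run the whole analysis over raw flow lines and return the findings."""
    records = [parse_flow(line) for line in lines]
    totals = hourly_totals(records)
    spikes = find_spikes(totals, factor)
    talkers = {bucket: top_talkers(records, *bucket) for bucket, _t in spikes}
    return {"baseline": median(totals.values()), "spikes": spikes,
            "recurring_hours": recurring_hours(spikes), "top_talkers": talkers}


if __name__ == "__main__":
    result = investigate(build_sample_flows())
    print(f"median hourly volume: {result['baseline']} bytes")
    print("recurring spike hours:", result["recurring_hours"])
    for bucket, hosts in result["top_talkers"].items():
        print(bucket, hosts)
```

On the constructed data the median hourly volume is 12,000 bytes, the only recurring spike hour is 14, and the top talker in every flagged bucket is 10.0.0.66. In practice the same per-host, per-hour view is what you would feed into a correlation dashboard alongside logs and alerts to explain why the spike happens at that time.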
The security analysts should use "Bandwidth Monitors" to investigate the issue of the network becoming flooded with malicious packets at specific times of the day. Bandwidth monitors can help identify the source and volume of traffic on the network, which can be used to determine if the malicious packets are causing the network congestion. This information can then be used to identify the source of the malicious packets and take appropriate action to mitigate the attack.