A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the following techniques would BEST describe the approach the analyst has taken?
I apologize for wasting people's time, but on Darril Gibson's blog at https://blogs.getcertifiedgetahead.com/active-fingerprinting-passive-fingerprinting/ I found a loosely similar question he gave with explanation of the answers, and after reading that I think the correct answer is what you all are saying and that is "C Passive Vulnerability Scanning". There he said that Port scanning is active and sends traffic to a system to determine what ports are open.
You should have put this statement under your comment above. It will help people not to waste time on looking up those resources. Thanks
Also, have you taken your exams?
And this is absolutely not true, since TAPs perform those scans silently. Port are correct, but port scanning seems more adequate here:
https://insights.profitap.com/what-are-network-taps
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
Port scanning is a method of determining which ports on a network are open and could be receiving or sending data. It is also a process for sending packets to specific ports on a host and analyzing responses to identify vulnerabilities.
Passive scanning is a method of vulnerability detection that relies on information gleaned from network data that is captured from a target computer without direct interaction.
C. Passive vulnerability scanning
Network taps are usually employed for network intrusion detection systems (NIDS), network probes, remote network monitoring (RMON) probes and Voice Over Internet Protocol (VoIP) recording.
Network taps are unobtrusive and undetectable. They are therefore widely used in network security applications. Network taps work with full duplex communication systems and let the traffic flow smoothly, even with traffic failure.
https://www.techopedia.com/definition/25311/network-tap#:~:text=A%20network%20tap%20is%20a%20test%20access%20point,to%20monitor%20the%20network%20traffic%20between%20two%20terminals.
C.
… Taps are used in security applications because they are non-obtrusive, are not detectable on the network (having no physical or logical address), can deal with full-duplex and non-shared networks, and will usually pass through or bypass traffic even if the tap stops working or loses power. … Modern network technologies are often full-duplex, meaning that data can travel in both directions at the same time. … Network taps for full-duplex technologies usually have two monitor ports, one for each half of the connection. … Once a network tap is in place, the network can be monitored without interfering with the network itself. Other network monitoring solutions require in-band changes to network devices, which means that monitoring can impact the devices being monitored. … Once a tap is in place, a monitoring device can be connected to it as-needed without impacting the monitored network. … (https://en.wikipedia.org/wiki/Network_tap)
C sounds better. Just having the option as a passive scan would have been better as well but CompTIA.
Compliance checks are usually for standards compliance. Since the question mentions vulnerability, C is the better answer.
Port Scanning is the name for the technique used to identify open ports and services available on a network host. It is sometimes utilized by security technicians to audit computers for vulnerabilities, however, it is also used by hackers to target victims.
Answer: C
Network taps are commonly used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment. Taps are used in security applications because they are non-obtrusive,
C. Zen1 is right - Port Scanning is the name for the technique used to identify open ports and services available on a network host - a "network tap" is a device set up between two network devices like a router and a switch to capture packets - its purpose is not to find open ports - that's the purpose of a port scanner. The tap is capturing traffic to aid in finding vulnerabilities - can be passive or active - so maybe answer A (compliance scanning) covers both.
A network TAP (Test Access Point) is a hardware tool that allows you to access and monitor your network. TAPs transmit both the send and receive data streams simultaneously on separate dedicated channels, ensuring all data arrives at the monitoring device in real time. Network TAPs are inserted between network devices, like a switch and router. Passive TAPs: Support out-of-band, "listen-only" devices used for monitoring tools, and are simple, reliable, and require no power. Active TAPs: Support inline devices used for security applications and include bypass or failsafe technology. Deciding how to get data from your network and into your monitoring and security tools is just as important as the tools themselves. Network TAPs are the industry best practice - and the only guaranteed method for 100% data capture. Some engineers started using the SPAN/Mirror port on their switches.
https://www.garlandtechnology.com/2013/11/15/what-is-a-tap-anyway
I too think the answer may be right because of the strange wording they used emphasizing that they are monitoring the network traffic for vulnerabilities. I think they choose every word carefully.
The following has a convincing argument that Port scanning and Vulnerability scanning are different things->
https://www.quora.com/What-are-the-differences-between-port-scanning-and-Nessus-vulnerabilities
I hate to say it, but I think they actually got the suggested answer right this time. Here is more information supporting that saying that network tap and port scanning (monitoring) are pretty much the same thing: https://support.alertlogic.com/hc/en-us/articles/360007322751-What-is-the-difference-between-a-tap-and-a-SPAN-
SPAN (Switched Port Analyzer) is a Cisco Systems term and feature that is sometimes called port mirroring or port monitoring. It selects network traffic for analysis by a network analyzer. The Alert Logic agent component, tmhost, is a software tap that replaces the need for a physical network tap or SPAN configuration.
See his subsequent comment below. He posted it at the bottom of this comment. I'm posting here so people who read the ones above will not get confused.
KerryB 4 weeks ago
I apologize for wasting people's time, but on Darril Gibson's blog at https://blogs.getcertifiedgetahead.com/active-fingerprinting-passive-fingerprinting/ I found a loosely similar question he gave with explanation of the answers, and after reading that I think the correct answer is what you all are saying and that is "C Passive Vulnerability Scanning". There he said that Port scanning is active and sends traffic to a system to determine what ports are open.
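Added example, not part of the original thread or any commenter's post: a sketch of what passive vulnerability scanning on a tap amounts to, inferring listening services from SYN-ACK replies and server banners already on the wire and comparing them to a version policy, without sending a single packet. The packet records, the `ExampleHTTPd` product name and the `MIN_VERSION` policy are constructed assumptions for illustration, not real advisory data.

```python
import re

SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10

# Constructed sample of decoded tap traffic:
# (src_ip, src_port, dst_ip, dst_port, tcp_flags, payload)
CAPTURE = [
    ("10.0.0.5", 51000, "10.0.0.20", 22, SYN, b""),
    ("10.0.0.20", 22, "10.0.0.5", 51000, SYN | ACK, b""),
    ("10.0.0.20", 22, "10.0.0.5", 51000, PSH | ACK, b"SSH-2.0-OpenSSH_7.2\r\n"),
    ("10.0.0.5", 51001, "10.0.0.30", 23, SYN, b""),
    ("10.0.0.30", 23, "10.0.0.5", 51001, RST | ACK, b""),   # closed port
    ("10.0.0.5", 51002, "10.0.0.30", 80, SYN, b""),
    ("10.0.0.30", 80, "10.0.0.5", 51002, SYN | ACK, b""),
    ("10.0.0.30", 80, "10.0.0.5", 51002, PSH | ACK,
     b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.1\r\n\r\n"),
]

# Hypothetical organisational policy: minimum acceptable (major, minor).
MIN_VERSION = {"OpenSSH": (8, 0), "ExampleHTTPd": (2, 0)}

BANNER = re.compile(rb"(?:SSH-2\.0-|Server: )([A-Za-z]+)[_/](\d+)\.(\d+)")

def passive_inventory(capture):
    """Map (ip, port) -> (product, version) using only observed traffic."""
    inventory = {}
    for src, sport, _dst, _dport, flags, payload in capture:
        key = (src, sport)
        if flags & SYN and flags & ACK:
            # A SYN-ACK seen on the wire means this endpoint is listening.
            inventory.setdefault(key, None)
        elif key in inventory and payload:
            m = BANNER.search(payload)
            if m:
                version = (int(m.group(2)), int(m.group(3)))
                inventory[key] = (m.group(1).decode(), version)
    return inventory

def findings(inventory, policy=MIN_VERSION):
    """Return services whose observed version is below the policy minimum."""
    out = []
    for (ip, port), svc in sorted(inventory.items()):
        if svc and svc[0] in policy and svc[1] < policy[svc[0]]:
            out.append((ip, port, svc[0], svc[1]))
    return out

if __name__ == "__main__":
    for finding in findings(passive_inventory(CAPTURE)):
        print(finding)
```

A port scanner would learn the same open ports by generating the SYNs itself; here the only input is traffic other hosts already produced, which is why a service that nobody talks to during the capture never appears in the inventory.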
KerryB (Highly Voted, 4 years, 8 months ago)
Teza (4 years, 8 months ago)
mcNik (4 years, 3 months ago)
Zen1 (Highly Voted, 5 years, 3 months ago)
BillyKidd (4 years, 5 months ago)
FNavarro (4 years, 1 month ago)
JoaoIRB (Most Recent, 3 years, 11 months ago)
Lumeya (4 years, 3 months ago)
vaxakaw829 (4 years, 9 months ago)
MagicianRecon (4 years, 10 months ago)
ClintBeavers (5 years ago)
covfefe (5 years ago)
Qabil (5 years ago)
Dante_Dan (5 years ago)
MelvinJohn (5 years, 1 month ago)
Herp (5 years, 1 month ago)
MelvinJohn (5 years, 3 months ago)
Zacharia (5 years, 3 months ago)
Elb (5 years, 3 months ago)
Mashigo (5 years, 5 months ago)
KerryB (4 years, 9 months ago)
KerryB (4 years, 8 months ago)
Teza (4 years, 7 months ago)
Heymannicerouter (4 years, 1 month ago)
Anonymousnumber1 (5 years, 6 months ago)