CertNexus Exam CFR-410 Topic 4 Question 37 Discussion

Actual exam question for CertNexus's CFR-410 exam

Question #: 37
Topic #: 4

[All CFR-410 Questions]

Tcpdump is a tool that can be used to detect which of the following indicators of compromise?

AUnusual network traffic

BUnknown open ports

CPoor network performance

DUnknown use of protocols

Show Suggested Answer

Suggested Answer: A, B

by Ona at Jun 21, 2024, 11:17 AM

Limited Time Offer

25%

Off

Get Premium CFR-410 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Leota

16 days ago

I'm just glad they didn't ask about using tcpdump to detect 'unusual duck-billed platypus activity' - that would have really thrown me for a loop!

upvoted 0 times

...

Broderick

17 days ago

Ah, the old tcpdump question. It's like asking a carpenter which tool is best for measuring wood - the answer is obvious! A) Unusual network traffic is the way to go.

upvoted 0 times

Jennifer

10 hours ago

I agree, unusual network traffic is a clear indicator of compromise.

upvoted 0 times

...

Janine

24 days ago

Hmm, I was considering C) Poor network performance, but that's more of a sympAilene than a direct indicator of compromise. A) Unusual network traffic makes the most sense.

upvoted 0 times

Raymon

13 hours ago

I agree, A) Unusual network traffic is a clear sign of compromise.

upvoted 0 times

...

Ailene

1 months ago

I was thinking B) Unknown open ports, but now that I think about it, tcpdump is more about capturing and inspecting the actual traffic, not necessarily open ports.

upvoted 0 times