Your IDS admin gets an alert from the IDS. The associated packets are saved as a pcap file. What type of network tool can be used to determine if these packets are generally malicious or simply a false positive?
Vulnerability Scanner
Intrusion Prevention System
Protocol Analyzer
Network Sniffer
An IPS is used inline with the IDS to determine whether packets are malicious or not, but that does not mean an IPS will necessarily support analysis from a PCAP file. A protocol analyzer can read a PCAP file and be used for offline analysis.
This was on the CEH Test taken 2-15-2016