CertNexus Certified Cyber Secure Coder (CSC) — Question 27
Tcpdump is a tool that can be used to detect which of the following indicators of compromise?
Answer options
- A. Unusual network traffic
- B. Unknown open ports
- C. Poor network performance
- D. Unknown use of protocols
Correct answer: A
Explanation
The correct answer is A. Tcpdump is specifically designed to capture and analyze network packets, which lets users observe unusual network traffic that may indicate a compromise. Options B, C, and D, while related to network monitoring, do not directly correspond to Tcpdump's primary function of detecting abnormal traffic patterns.