Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 141
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?
Answer options
- A. based on the most used applications
- B. by most active source IP
- C. by most used ports
- D. based on the protocols used
Correct answer: B
Explanation
The correct answer is B. A host performing intensive network scanning emits a large number of connection attempts to many destinations and ports, so aggregating the captured traffic by source IP address and sorting by volume surfaces the specific internal host generating the spike. The other options, while useful for different analyses, group the traffic by application, destination port, or protocol rather than by originating host, so they do not directly pinpoint the source of the suspicious scanning activity.