CompTIA CySA+ (CS0-001) — Question 111

An analyst has noticed unusual activity in the SIEM involving traffic to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

Answer options

A. Log review
B. Service discovery
C. Packet capture
D. DNS harvesting

Correct answer: C

Explanation

The correct answer is C, packet capture. A capture records the actual packets on the wire, so the analyst can inspect the payload (for example, the DNS query and the HTTP request behind the suspicious SIEM event) rather than only the metadata that raised the alert. Log review (A) is what produced the alert in the first place: firewall, proxy and DNS logs record who talked to what, when, and how much, but not the content of the exchange. Service discovery (B) enumerates which services are listening on hosts and says nothing about traffic that has already been seen. DNS harvesting (D) collects DNS records and related names for a domain, which helps with scoping and attribution but does not reveal what was sent. One caveat a practitioner should keep in mind: if the traffic is TLS-encrypted, a capture exposes only the unencrypted envelope (addresses, ports, the SNI in the ClientHello, certificate details) unless the session can be decrypted at a proxy or with logged session keys.
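As an added illustration of what a capture gives the analyst that a log line does not, the following Python script is an example written for this page, not a tool from the question bank or from CompTIA. It builds a small constructed pcap in memory (the MAC addresses, IP addresses and the domain update.example-beacon.cn are invented), then parses it with only the standard library: it walks the classic pcap record format, decodes Ethernet/IPv4/UDP/TCP, pulls the DNS question name and the plaintext HTTP Host header out of the payloads, and reports every packet that points at a .cn name. It assumes a little-endian classic pcap with Ethernet frames, which is what tcpdump or Wireshark write on common hardware.

```python
"""Added example, not from the CySA+ question bank: a minimal pcap parser that pulls the
application-layer content (DNS query names, HTTP Host headers) out of captured packets and
flags anything pointing at a .cn domain. Capture, addresses and names are constructed."""
import socket
import struct

PCAP_MAGIC, ETHERTYPE_IPV4, IPPROTO_TCP, IPPROTO_UDP = 0xA1B2C3D4, 0x0800, 6, 17

# --- constructing a capture (stand-in for a real tcpdump/Wireshark file) ---
def _ipv4(proto, src, dst, l4):
    # Ethernet (fixed MACs) + 20-byte IPv4 header, no options; checksum left zero, the parser ignores it
    return (b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
            + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                          socket.inet_aton(src), socket.inet_aton(dst)) + l4)

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _tcp(sport, dport, payload):  # data offset 5 (20-byte header), flags PSH|ACK
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload

def _dns_query(name, txid=0x1234):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

# Constructed capture: a DNS lookup for a .cn host, an HTTP request to it, then an unrelated lookup.
SAMPLE_PCAP = _pcap([
    _ipv4(IPPROTO_UDP, "10.0.0.25", "10.0.0.2", _udp(51000, 53, _dns_query("update.example-beacon.cn"))),
    _ipv4(IPPROTO_TCP, "10.0.0.25", "203.0.113.10",
          _tcp(51001, 80, b"GET /c2/check-in HTTP/1.1\r\nHost: update.example-beacon.cn\r\n\r\n")),
    _ipv4(IPPROTO_UDP, "10.0.0.25", "10.0.0.2", _udp(51002, 53, _dns_query("www.example.com"))),
])

# --- parsing: the part the analyst would point at a real capture ---
def iter_pcap_frames(data):
    """Yield (timestamp, frame) per record of a little-endian classic pcap holding Ethernet frames."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC or struct.unpack_from("<I", data, 20)[0] != 1:
        raise ValueError("expected a little-endian classic pcap with link type 1 (Ethernet)")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, pos)
        pos += 16
        yield ts_sec + ts_usec / 1e6, data[pos:pos + incl_len]
        pos += incl_len

def dns_question_name(msg):
    """Return the first question name of a DNS message, or None if it is malformed."""
    labels, pos = [], 12
    while pos < len(msg):
        n = msg[pos]
        if n == 0:
            return ".".join(labels)
        if n & 0xC0:  # compression pointer: never valid in a query's question name
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return None

def http_host(payload):
    """Return the Host header of a plaintext HTTP request, or None."""
    for line in payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None

def decode_frame(frame):
    """Decode Ethernet/IPv4/{UDP,TCP}; 'name' is what a flow log never shows: the requested host."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0], ip[9]
    rec = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]), "proto": proto}
    l4 = ip[ihl:total_len]
    if proto == IPPROTO_UDP:
        rec["sport"], rec["dport"], ulen = struct.unpack_from("!HHH", l4, 0)
        rec["payload"] = l4[8:ulen]
        if 53 in (rec["sport"], rec["dport"]):
            rec["name"] = dns_question_name(rec["payload"])
    elif proto == IPPROTO_TCP:
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", l4, 0)
        rec["payload"] = l4[(l4[12] >> 4) * 4:]
        if rec["payload"].startswith((b"GET ", b"POST ")):
            rec["name"] = http_host(rec["payload"])
    return rec

def find_domain_traffic(pcap_bytes, suffix=".cn"):
    """Return (timestamp, src, dst, name) for each packet whose DNS question or HTTP Host ends in suffix."""
    hits = []
    for ts, frame in iter_pcap_frames(pcap_bytes):
        rec = decode_frame(frame)
        name = (rec or {}).get("name")
        if name and name.lower().endswith(suffix):
            hits.append((ts, rec["src"], rec["dst"], name))
    return hits
```

Calling `find_domain_traffic(SAMPLE_PCAP)` returns the DNS lookup and the HTTP request for the .cn host and ignores the www.example.com lookup; on a real file, pass `open("capture.pcap", "rb").read()` instead of the constructed bytes. The names it recovers are exactly the fields a firewall or NetFlow record lacks, which is the distinction the question is testing. The script only understands plaintext DNS and HTTP: for HTTPS the Host header is inside the encrypted stream, and the reader would have to parse the SNI from the TLS ClientHello instead, and pcapng files need a different container parser.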