CompTIA CySA+ (CS0-002) — Question 48

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture ”. The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will BEST accomplish the analyst’s objectives?

Answer options

• A. tcpdump -w packetCapture
• B. tcpdump -a packetCapture
• C. tcpdump -n packetCapture
• D. nmap -v > packetCapture
• E. nmap -oA > packetCapture

Correct answer: A

Explanation

The command 'tcpdump -w packetCapture' is the best option as it writes the packet capture directly to a binary file without any additional formatting, making it efficient and minimizing the risk of missing packets. The other options either do not capture data in a binary format or are not designed for packet capturing, such as the nmap commands, which are used for network scanning rather than packet capturing.