CompTIA CySA+ (CS0-003) — Question 224

An analyst is trying to capture anomalous traffic from a compromised host. Which of the following are the best tools for achieving this objective? (Choose two.)

Answer options

Correct answer: A, D

Explanation

tcpdump and Wireshark are both purpose-built packet capture and analysis tools: each can record the traffic leaving a compromised host and let the analyst inspect it for anomalies. The other options serve different functions, namely a SIEM (log aggregation and correlation), vulnerability scanners (vulnerability assessment), Nmap (network and port mapping), and SOAR (orchestration and response automation); none of them directly captures packets from the host.