CompTIA CySA+ (CS0-003) — Question 301

A network security analyst for a large company noticed unusual network activity on a critical system. Which of the following tools should the analyst use to analyze network traffic to search for malicious activity?

Answer options

Correct answer: B

Explanation

Wireshark is the correct choice because it is specifically designed for capturing and analyzing network traffic, which makes it ideal for identifying malicious activity on the wire. A WAF (Web Application Firewall) focuses on protecting web traffic, EDR (Endpoint Detection and Response) is suited to endpoint security rather than packet analysis, and Nmap is primarily a network scanning tool, not a tool for detailed traffic analysis.