CompTIA Network+ (N10-009) — Question 337

A technician needs to identify a computer on the network that is reportedly downloading unauthorized content. Which of the following should the technician use?

Answer options

• A. Anomaly alerts
• B. Port mirroring
• C. Performance monitoring
• D. Packet capture

Correct answer: D

Explanation

The correct answer is D, Packet capture, because it allows the technician to analyze the data packets being sent and received by the computer in question, thus identifying unauthorized downloads. Anomaly alerts (A) help identify unusual activity but do not provide specific data, while port mirroring (B) duplicates traffic for analysis, which may not be as direct. Performance monitoring (C) focuses on system efficiency rather than identifying specific unauthorized content.