CompTIA Security+ (SY0-501) — Question 948

While reviewing the monthly internet usage, it is noted that there is a large spike in traffic classified as "unknown" that does not appear to be within the bounds of the organization's Acceptable Use Policy.
Which of the following tools or technologies would work BEST for obtaining more information on this traffic?

Answer options

Correct answer: Protocol analyzer

Explanation

The traffic already appears in the usage report as "unknown", which means the device producing the report could not match it to an application or protocol it knows. The question asks for the option that obtains more information about that traffic, and a protocol analyzer (a packet capture and decode tool such as Wireshark or tcpdump) is the only one that examines the packets themselves. Capturing the flagged conversations shows the ports in use, the opening handshake, the protocol fields and, for TLS, the server name indication and certificate, which is normally enough to name the application and decide whether it breaches the Acceptable Use Policy.

Why the other options fall short:

Firewall logs record which connections were allowed or denied, with addresses, ports and byte counts. They are typically the source of the monthly report in the first place and carry the same "unknown" label, so they cannot supply the detail that is missing.

IDS logs (option B) hold alerts for traffic that matched a signature or an anomaly rule. Traffic that the classifier could not name is unlikely to have matched a signature, so the IDS log is probably silent about it; even when an alert exists it describes the rule that fired, not the traffic itself. Real-time detection is an IDS strength, but it is not what the question asks for.

Increased spam filtering acts on inbound email and has nothing to do with characterizing network traffic.

The point the exam is testing: logs summarize traffic using whatever classification the logging device already has. When the classification itself is the gap, capture the packets and decode them. In practice, capture from a SPAN or mirror port or a tap in the path of the hosts named in the report, filter on those hosts and the time window of the spike, and keep the scope and retention of the capture within policy, since payloads can contain personal data.
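The following Python script is an added example, not part of the original question or its explanation, that makes the difference concrete: a constructed usage report in which the flows of interest are all labelled "unknown", beside the first bytes of each conversation as a protocol analyzer would capture them. A small decoder recognizes a TLS ClientHello (and extracts the SNI), an HTTP request with its Host header, an SSH banner and a BitTorrent handshake; anything else stays "unknown", which is the cue to look at more packets or the server certificate. All addresses, ports, byte counts and payloads are made up for the example, and the decoder is a toy, not Wireshark.

```python
"""Toy protocol analyzer: decode the first bytes of each flow that the usage
report could only label "unknown".  Added example with constructed data;
nothing here comes from the exam question or a real network."""
import struct

# Constructed usage report rows: (src, dst, dst_port, bytes, classifier_label).
# This is all a flow or firewall log can say about the spike.
FLOW_REPORT = [
    ("10.1.4.22", "203.0.113.10", 443, 8_400_000, "unknown"),
    ("10.1.4.22", "203.0.113.10", 8443, 2_100_000, "unknown"),
    ("10.1.7.9", "198.51.100.77", 6881, 61_000_000, "unknown"),
    ("10.1.7.9", "198.51.100.80", 2222, 140_000, "unknown"),
    ("10.1.2.5", "192.0.2.30", 443, 900_000, "web-browsing"),
]

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"CONNECT"}


def build_client_hello(sni: str) -> bytes:
    """Build a minimal TLS ClientHello record carrying one SNI; used only to
    construct a realistic captured payload for the example."""
    name = sni.encode("ascii")
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # list len, host_name, len
    ext = struct.pack("!HH", 0, len(sni_body)) + sni_body                # extension type 0 = server_name
    hello = (b"\x03\x03" + bytes(32)                  # client_version, random
             + b"\x00"                                # session_id length 0
             + struct.pack("!H", 2) + b"\x13\x01"     # one cipher suite
             + b"\x01\x00"                            # one compression method: null
             + struct.pack("!H", len(ext)) + ext)     # extensions
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello   # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_tls_sni(payload: bytes):
    """Return the SNI host name from a TLS ClientHello, "" if the hello carries
    none, or None if the payload is not a parseable ClientHello."""
    try:
        if payload[0] != 0x16:                          # not a TLS handshake record
            return None
        rec_len = struct.unpack("!H", payload[3:5])[0]
        hs = payload[5:5 + rec_len]
        if hs[0] != 0x01:                               # not client_hello
            return None
        p = 4 + 2 + 32                                  # skip type+length, version, random
        p += 1 + hs[p]                                  # session_id
        p += 2 + struct.unpack("!H", hs[p:p + 2])[0]    # cipher_suites
        p += 1 + hs[p]                                  # compression_methods
        if p + 2 > len(hs):
            return ""                                   # no extensions block at all
        end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            p += 4
            if etype == 0:   # server_name: list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack("!H", hs[p + 3:p + 5])[0]
                return hs[p + 5:p + 5 + name_len].decode("ascii", "replace")
            p += elen
        return ""
    except (IndexError, struct.error):                  # truncated or malformed
        return None


def identify(payload: bytes) -> str:
    """What a protocol analyzer can say from the first bytes of a conversation."""
    sni = parse_tls_sni(payload)
    if sni is not None:
        return f"tls client hello, sni={sni or '<none>'}"
    if payload.startswith(b"SSH-"):
        return "ssh, banner=" + payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent handshake"
    head, _, rest = payload.partition(b"\r\n")
    if head.split(b" ")[0] in HTTP_METHODS and head.endswith((b" HTTP/1.0", b" HTTP/1.1")):
        host = "<none>"
        for line in rest.split(b"\r\n"):
            if line.lower().startswith(b"host:"):
                host = line[5:].strip().decode("ascii", "replace")
        return f"http {head.decode('ascii', 'replace')}, host={host}"
    return "unknown"   # still unknown: look at more packets, or at the server certificate


# Constructed first payload of each flagged conversation, keyed like the report.
CAPTURED = {
    ("10.1.4.22", "203.0.113.10", 443): build_client_hello("updates.example-vendor.net"),
    ("10.1.4.22", "203.0.113.10", 8443): b"GET /stream/live.m3u8 HTTP/1.1\r\nHost: video.example\r\n\r\n",
    ("10.1.7.9", "198.51.100.77", 6881): b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + bytes(20),
    ("10.1.7.9", "198.51.100.80", 2222): b"SSH-2.0-OpenSSH_9.6\r\n",
}


def triage(report, captures):
    """Join the report's "unknown" rows with the captured bytes and return
    (flow, bytes, identification) tuples, largest flow first."""
    out = []
    for src, dst, dport, nbytes, label in report:
        if label != "unknown":
            continue
        ident = identify(captures.get((src, dst, dport), b""))
        out.append((f"{src}->{dst}:{dport}", nbytes, ident))
    return sorted(out, key=lambda row: -row[1])


if __name__ == "__main__":
    for flow, nbytes, ident in triage(FLOW_REPORT, CAPTURED):
        print(f"{flow:32} {nbytes / 1e6:8.1f} MB  {ident}")
```

The report alone says only that four conversations moved a lot of bytes; the captured bytes turn them into a vendor update check over TLS, an HTTP video stream on a non-standard port, a BitTorrent peer and an SSH session to an unusual port, which is the kind of detail the Acceptable Use Policy decision needs. On a real network the capture would come from tcpdump or Wireshark on a mirror port, filtered to the hosts and time window in the report, and for TLS you would see the SNI and certificate rather than the content.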