CompTIA Security+ (SY0-601) — Question 192
Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?
Answer options
- A. nmap
- B. tracert
- C. ping
- D. ssh
Correct answer: A
Explanation
The correct tool is nmap, as it can be used to scan and identify open ports and services on the specific server, helping to determine if traffic is being blocked. While tracert can show the path taken by packets, it does not directly identify blocked traffic. Ping only checks for ICMP responses and does not provide insight into other types of traffic, and ssh is a secure shell used for remote access rather than traffic analysis.