Certified Incident Handler (ECIH) — Question 14
Anderson, a security engineer, was instructed to monitor all incoming and outgoing traffic on the organization's network to identify any suspicious traffic. For this purpose, he employed an analysis technique in which he examined packet header fields such as IP options, IP protocols, IP fragmentation flags, offset, and identification to check whether any of these fields had been altered in transit.
Identify the type of attack signature analysis performed by Anderson in the above scenario.
Answer options
- A. Context-based signature analysis
- B. Atomic-signature-based analysis
- C. Composite-signature-based analysis
- D. Content-based signature analysis
Correct answer: A
Explanation
The correct answer is A, Context-based signature analysis, because this technique examines the context and attributes of packet headers (IP options, protocol, fragmentation flags, offset, and identification) to identify signs of tampering in transit. The other options do not specifically address the examination of header fields or the context in which packets are analyzed, making them less applicable to the scenario described.