Certified Ethical Hacker (CEH v11) — Question 135

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Answer options

Correct answer: A

Explanation

The correct answer is A. The traffic has already been captured and saved as a PCAP file, so what the administrator needs is a tool that can open that capture, decode each packet layer by layer (Ethernet, IP, TCP, HTTP and so on), follow the TCP stream and display the payload. That is what a protocol analyzer such as Wireshark does, and it lets the administrator judge from the actual request content and the sequence of packets whether the alert reflects a genuine attack or a false positive. Option B is unsuitable because it primarily captures traffic rather than analyzing it, and the capture already exists. Option C is unsuitable because it actively blocks traffic it judges malicious rather than helping an analyst assess a saved capture. Option D, a vulnerability scanner, probes systems for weaknesses and does not inspect packet data at all.
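The following is an added example, not part of the CEH question or its official explanation. It shows the mechanics a protocol analyzer applies to a saved capture: read the libpcap container, peel the Ethernet, IPv4 and TCP headers, pull out the HTTP request to the DMZ web server, and rate its content. The capture, addresses, ports and requests are constructed in the script itself (no checksums are computed, and the reader does not check them), the three signatures are illustrative, and the function names are my own. In practice you would open the PCAP in Wireshark or tshark and use display filters and "Follow TCP Stream"; this script exists only to make the decoding steps concrete.

```python
import re
import socket
import struct

# --- Constructed sample capture (invented addresses and requests) ----------
def build_packet(src_ip, dst_ip, sport, dport, payload):
    """Assemble Ethernet/IPv4/TCP headers around an application payload."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # data offset 5 words (0x50), flags PSH|ACK (0x18), window, checksum 0, urg 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap raw Ethernet frames in a little-endian libpcap file (link type 1)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b""
    for i, frame in enumerate(frames):
        records += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return header + records

SAMPLE_PCAP = build_pcap([
    build_packet("203.0.113.10", "192.0.2.80", 51000, 80,
                 b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    build_packet("203.0.113.10", "192.0.2.80", 51001, 443, b"\x16\x03\x01\x00\x05hello"),
    build_packet("198.51.100.7", "192.0.2.80", 40022, 80,
                 b"GET /cgi-bin/../../../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
])

# --- Minimal protocol decoding --------------------------------------------
def decode_frame(frame):
    """Peel Ethernet, IPv4 and TCP headers; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                                   # IP protocol 6 = TCP
        return None
    tcp = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    data_off = (frame[tcp + 12] >> 4) * 4
    return {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport, "payload": frame[tcp + data_off:]}

def parse_pcap(data):
    """Read a classic libpcap file and return the decoded IPv4/TCP packets."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        decoded = decode_frame(data[offset:offset + incl_len])
        offset += incl_len
        if decoded:
            decoded["ts"] = ts_sec
            packets.append(decoded)
    return packets

# --- Content inspection (illustrative signatures only) ---------------------
SIGNATURES = [
    (re.compile(rb"\.\./\.\./"), "path traversal"),
    (re.compile(rb"(?i)union\s+select|'\s*or\s+'1'\s*=\s*'1"), "SQL injection"),
    (re.compile(rb"(?i)<script"), "cross-site scripting"),
]

def triage(pcap_bytes, http_port=80):
    """Keep HTTP requests sent to the web server and rate each one."""
    findings = []
    for p in parse_pcap(pcap_bytes):
        if p["dport"] != http_port:
            continue
        parts = p["payload"].split(b"\r\n", 1)[0].split(b" ")
        if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
            continue                                     # not an HTTP request line
        reasons = [name for rx, name in SIGNATURES if rx.search(p["payload"])]
        findings.append({"ts": p["ts"], "src": p["src"], "dst": p["dst"],
                         "request": b" ".join(parts[:2]).decode("ascii", "replace"),
                         "verdict": "suspicious" if reasons else "benign",
                         "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_PCAP):
        print(f"{f['src']} -> {f['dst']} {f['request']}: {f['verdict']} {f['reasons']}")
```

Running the script reports the request for `/index.html` as benign and the request for `/cgi-bin/../../../../etc/passwd` as suspicious (path traversal), while the TLS packet to port 443 is ignored. The point is the workflow rather than the signatures: only by decoding down to the application payload can you tell whether the bytes that tripped the IDS are actually an attack, and a tool that merely captures or merely blocks cannot give you that answer.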