What is the primary purpose of capturing network packets during traffic analysis?
Think about why analysts need to see the actual data moving through the network.
Capturing packets allows analysts to inspect both the payload contents and the metadata (addresses, ports, sizes, timing) of network traffic. Logs and flow summaries only describe traffic; the capture shows what was actually sent and received, which is what lets an analyst confirm a problem or malicious activity rather than infer it.
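As an added example (not part of the original quiz), here is a minimal parser for the classic libpcap file format that pulls out the metadata (timestamps, IP addresses, ports) and the payload bytes an analyst inspects after a capture. The capture it parses is constructed inline (the 10.0.0.5 and 203.0.113.10 addresses and the HTTP request are made up for illustration); it handles Ethernet/IPv4 with TCP or UDP and classic pcap only, not pcapng.

```python
import struct

# Added example, not part of the original quiz: parse a classic pcap byte string
# and expose per-packet metadata plus payload. All addresses and the sample HTTP
# request below are constructed for illustration.

PCAP_MAGIC_LE = 0xA1B2C3D4          # bytes d4 c3 b2 a1 on disk: little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1          # bytes a1 b2 c3 d4 on disk: big-endian file
LINKTYPE_ETHERNET = 1


def parse_frame(ts, frame, truncated):
    """Decode Ethernet/IPv4/{TCP,UDP} headers; fields stay None for other frames."""
    info = {"ts": ts, "length": len(frame), "truncated": truncated, "src": None,
            "dst": None, "proto": None, "sport": None, "dport": None, "payload": b""}
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return info                            # not IPv4: only size/time metadata
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                   # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    info["src"] = ".".join(str(b) for b in ip[12:16])
    info["dst"] = ".".join(str(b) for b in ip[16:20])
    info["proto"] = ip[9]
    l4 = ip[ihl:total_len]
    if info["proto"] == 6 and len(l4) >= 20:   # TCP: data offset is in the high nibble of byte 12
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
        info["payload"] = l4[(l4[12] >> 4) * 4:]
    elif info["proto"] == 17 and len(l4) >= 8:  # UDP: fixed 8-byte header
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
        info["payload"] = l4[8:]
    return info


def parse_pcap(data):
    """Return one metadata dict per packet record in a classic pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) != incl_len:
            raise ValueError("truncated packet record at offset %d" % (off - incl_len - 16))
        # incl_len < orig_len means the capture's snaplen cut the packet short,
        # so the payload returned for it is incomplete
        packets.append(parse_frame(ts_sec + ts_usec / 1e6, frame, incl_len < orig_len))
    return packets


def build_sample_pcap():
    """Constructed capture: one TCP segment carrying a cleartext HTTP request."""
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([203, 0, 113, 10])) + tcp
    frame = bytes.fromhex("00112233445566778899aabb0800") + ip     # Ethernet II, IPv4
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack("<IIII", 1700000000, 123456, len(frame), len(frame))
    return header + record + frame


if __name__ == "__main__":
    for p in parse_pcap(build_sample_pcap()):
        print(p["src"], p["sport"], "->", p["dst"], p["dport"], p["payload"][:16])
```

The `truncated` flag is the check a practitioner wants before trusting payload-based conclusions: a capture taken with a small snaplen keeps every packet's headers but silently drops the tail of each payload, so signature matches on content can fail even though the metadata looks complete. Checksums are not validated here; a real capture from a host with checksum offloading will often show wrong checksums on outbound packets anyway.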
Which of the following protocols is most commonly analyzed in network traffic to detect web browsing activity?
Consider which protocol is used when you visit websites.
HTTP is the application protocol behind web browsing. On today's networks it is almost always carried inside TLS as HTTPS, so the analyst usually sees the connection to port 443, the server name in the TLS handshake and the traffic volume rather than the URLs and headers themselves. Network traffic analysis focuses on HTTP/HTTPS to reconstruct user web activity and to spot suspicious behavior such as downloads from unknown hosts or unusual upload volumes.
During network traffic analysis, which pattern is most likely to indicate a Distributed Denial of Service (DDoS) attack?
Think about what happens when many computers try to overwhelm one server at once.
A DDoS attack involves many sources sending large amounts of traffic to one target to overwhelm it. On the wire this shows up as a sudden surge of traffic to a single destination from an unusually large number of distinct source IPs, well above that destination's normal baseline.
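The fan-in pattern described above, turned into detection logic as an added example that is not part of the original quiz: the code buckets flow records into fixed time windows, counts distinct source IPs per destination in each window, and raises an alert when a window's count is both above an absolute floor and far above that destination's own median from earlier, unalerted windows. The flow records, the 203.0.113.10 target and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Added example, not part of the original quiz. Flow records are constructed
# (ts_seconds, src_ip, dst_ip, bytes); thresholds are illustrative, not tuned.

WINDOW = 10  # seconds per bucket


def window_stats(flows, window=WINDOW):
    """Per (window_start, dst): number of distinct source IPs and total bytes."""
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for ts, src, dst, nbytes in flows:
        key = (int(ts // window) * window, dst)
        stats[key]["sources"].add(src)
        stats[key]["bytes"] += nbytes
    return {k: (len(v["sources"]), v["bytes"]) for k, v in stats.items()}


def detect_fan_in(flows, min_sources=50, factor=10.0, window=WINDOW):
    """Flag windows where distinct sources to one dst jump far above that dst's baseline."""
    stats = window_stats(flows, window)
    history = defaultdict(list)      # dst -> distinct-source counts of quiet windows
    alerts = []
    for start, dst in sorted(stats):
        n_src, total = stats[(start, dst)]
        baseline = median(history[dst]) if history[dst] else 0
        if n_src >= min_sources and n_src >= factor * max(baseline, 1):
            alerts.append({"window": start, "dst": dst, "sources": n_src,
                           "bytes": total, "baseline_sources": baseline})
        else:
            # only quiet windows feed the baseline, so a long attack cannot
            # drag the median up and hide its own later windows
            history[dst].append(n_src)
    return alerts


def build_sample_flows():
    """Constructed traffic: six quiet windows, then a 200-source surge at one target."""
    target, other = "203.0.113.10", "203.0.113.20"
    flows = []
    for w in range(6):
        for i in range(5):                       # five regular clients per window
            flows.append((w * WINDOW + i, f"192.0.2.{i + 1}", target, 1500))
            flows.append((w * WINDOW + i, f"192.0.2.{i + 1}", other, 900))
    for i in range(200):                         # attack window: many small flows, many sources
        flows.append((6 * WINDOW + (i % 10), f"198.51.100.{i + 1}", target, 60))
    for i in range(5):                           # the other host stays normal
        flows.append((6 * WINDOW + i, f"192.0.2.{i + 1}", other, 900))
    return flows


if __name__ == "__main__":
    for a in detect_fan_in(build_sample_flows()):
        print(a)
```

The same signal fires for a legitimate flash crowd, so in practice an alert from this check is corroborated with what the traffic looks like: a volumetric or SYN flood shows many half-open connections or malformed requests, while a flash crowd completes handshakes and issues valid requests. The absolute floor (`min_sources`) matters too; a destination that normally sees one client and suddenly sees ten is a tenfold jump but not a DDoS.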
Which statement best describes the difference between passive and active network traffic analysis?
Consider whether the analysis changes the traffic or just watches it.
Passive analysis observes traffic from a tap, SPAN port or capture file without injecting anything, so it cannot be noticed by the hosts being watched. Active analysis sends test traffic or probes, such as ping sweeps or port scans, and gathers information from the responses.
When most network traffic is encrypted, what is the best approach for a security analyst to still detect suspicious activity?
Think about what information is still visible even if the content is hidden.
Even when the content is encrypted, metadata such as packet sizes, timing, destination addresses and ports, DNS lookups and the server name in the TLS handshake remains visible. Patterns in that metadata, for example regular beaconing to one external host or an unusually large upload, can reveal suspicious behavior without decrypting the data.
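Beaconing detection on encrypted traffic, as an added example that is not part of the original quiz: the code groups flow metadata by (source, destination, port), measures how regular the inter-arrival times and the flow sizes are, and flags peers that are contacted at a steady period with near-constant size, which is what command-and-control check-ins tend to look like even though every byte is TLS-encrypted. The flow records, the 10.0.0.23 host, the 203.0.113.x destinations and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Added example, not part of the original quiz. Records are constructed flow
# metadata only (ts_seconds, src_ip, dst_ip, dst_port, bytes); no payload is used.


def detect_beacons(flows, min_flows=8, max_gap_cv=0.1, max_size_cv=0.2):
    """Return peers whose contact interval and flow size are both suspiciously regular.

    cv = standard deviation / mean; a low cv means little jitter.
    """
    by_peer = defaultdict(list)
    for ts, src, dst, dport, nbytes in flows:
        by_peer[(src, dst, dport)].append((ts, nbytes))
    findings = []
    for (src, dst, dport), obs in by_peer.items():
        if len(obs) < min_flows:
            continue                              # too few samples to call it periodic
        obs.sort()
        gaps = [b[0] - a[0] for a, b in zip(obs, obs[1:])]
        sizes = [n for _, n in obs]
        if mean(gaps) <= 0 or mean(sizes) <= 0:
            continue                              # duplicate timestamps or empty flows
        gap_cv = pstdev(gaps) / mean(gaps)
        size_cv = pstdev(sizes) / mean(sizes)
        if gap_cv <= max_gap_cv and size_cv <= max_size_cv:
            findings.append({"src": src, "dst": dst, "dport": dport, "count": len(obs),
                             "period_s": round(mean(gaps), 1), "gap_cv": round(gap_cv, 3),
                             "size_cv": round(size_cv, 3)})
    return findings


def build_sample_flows():
    """Constructed metadata: one host beaconing every ~60 s, plus ordinary browsing."""
    flows = []
    for i in range(20):                           # implant check-ins with small jitter
        jitter = ((i * 7) % 5 - 2) * 0.2          # -0.4 .. +0.4 seconds, deterministic
        flows.append((1000 + 60 * i + jitter, "10.0.0.23", "203.0.113.55", 443, 900 + (i % 3) * 8))
    browse_ts = [1003, 1009, 1031, 1090, 1095, 1240, 1242, 1500, 1503, 1900]
    browse_sz = [4200, 15000, 800, 60000, 2300, 9800, 450, 120000, 3300, 7700]
    for ts, sz in zip(browse_ts, browse_sz):     # human-driven: irregular timing and sizes
        flows.append((ts, "10.0.0.23", "203.0.113.80", 443, sz))
    return flows


if __name__ == "__main__":
    for f in detect_beacons(build_sample_flows()):
        print(f)
```

Timing and size are the two dimensions the quiz answer names; this check uses nothing else, so it works identically on HTTPS, DNS over TLS or a custom encrypted protocol. Legitimate software also polls on a schedule (update checks, telemetry), so a finding is a lead to enrich with the destination's reputation and the TLS server name, not a verdict on its own.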