A threat hunter is concerned about a significant increase in TCP traffic sourced from port 53. It is suspected that malicious file transfer traffic is being tunneled out using the TCP DNS port. Which deep packet inspection tool can detect the type of application originating the suspicious traffic?

  • Post author:
  • Post category:Re-Appear
  • Reading time:2 mins read
  • Post last modified:June 12, 2024

A threat hunter is concerned about a significant increase in TCP traffic sourced from port 53. It is suspected that malicious file transfer traffic is being tunneled out using the TCP DNS port. Which deep packet inspection tool can detect the type of application originating the suspicious traffic?

  • Wireshark
  • NetFlow
  • NBAR2
  • syslog analyzer
  • IDS/IPS

Explanation & Hint:

NBAR2 is used to discover the applications that are responsible for network traffic. NBAR is a classification engine that can recognize a wide variety of applications, including web-based applications and client/server applications.

For more Questions and Answers:

CyberOps Associate (200-201) Certification Practice Exam Answers Full 100%

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments