A threat hunter is concerned about a significant increase in TCP traffic sourced from port 53. It is suspected that malicious file transfer traffic is being tunneled out using the TCP DNS port. Which deep packet inspection tool can detect the type of application originating the suspicious traffic?

  • Wireshark
  • NetFlow
  • NBAR2
  • syslog analyzer

Explanation & Hint:

NBAR2 is used to discover the applications that are responsible for network traffic. NBAR is a classification engine that can recognize a wide variety of applications, including web-based applications and client/server applications.

For more Questions and Answers:

CyberOps Associate (200-201) Certification Practice Exam Answers Full 100%