Which of the following signals would you examine in basic network traffic analysis to detect anomalous activity?

Multiple Choice

Explanation:
In basic network traffic analysis, you look for places where normal patterns break, especially in where traffic is flowing and which services are being used. Unusual ports stand out because many attackers use non-standard or unexpected ports to hide traffic or bypass simple filters. When you see traffic on ports that don't match what is typical for your environment, it is a strong red flag that something may be misconfigured, unauthorized, or probing your network. It is a clear, actionable signal you can flag for deeper inspection: check the source, destination, protocol, and payload to confirm which service or device is involved and whether it should be communicating on that port.

Unusual DNS requests and beacon-like patterns can also indicate anomalies (DNS tunneling, exfiltration, or periodic malware beacons), but they generally require more context or baseline knowledge to interpret accurately and can generate more false positives in a basic setup. So while they are important, unusual port activity provides the most straightforward, high-signal cue for initially detecting anomalous activity.
