Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?
A. Switches
B. Protocol analyzers
C. Routers
D. Web security gateways
Explanation:
A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. By capturing and analyzing the packets, Pete will be able to determine the type, source, and flags of the packets traversing a network for troubleshooting purposes.
Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).
Incorrect Answers:
A: A switch is a network device that Ethernet cables plug into. The switch directs traffic received on one switch port out on one or more other switch ports based on the MAC address of the destination computer(s). A switch receives and transmits network packets. It is not used to examine the contents of the packets to view the type, source, and flags of the packets. Therefore, this answer is incorrect.
C: A router is a network device that routes data traffic according to the IP address of the destination computer(s). A router receives and transmits network packets. It is not used to examine the contents of the packets to view the type, source, and flags of the packets. Therefore, this answer is incorrect.
D: A web security gateway can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the “web protection” can range from a standard virus scanner on incoming packets to monitoring outgoing user traffic for red flags as well. Potential red flags that the gateway can detect and/or prohibit include inappropriate content, attempts to establish a peer-to-peer connection with a file-sharing site, instant messaging, and unauthorized tunneling. You can configure most web security gateways to block known HTTP/HTML exploits, strip ActiveX tags, strip Java applets, and block/strip cookies. A web security gateway is not used to examine the contents of the packets to view the type, source, and flags of the packets. Therefore, this answer is incorrect.
http://en.wikipedia.org/wiki/Wireshark
CompTIA Security+ Study Guide, page 103, Web Security Gateway