CISSP Practice question #183

In network forensics, which of these is a common form used?
A: Catch-as-you-can.
B: Catch-and-release.
C: Stop, act and prevent.
D: Stop and release.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Network forensics: Systems used to collect network data for forensics use usually come in two forms:

Catch-it-as-you-can: All packets passing through a certain traffic point are captured and written to storage, with analysis being done subsequently in batch mode. This approach requires large amounts of storage.

Stop, look and listen: Each packet is analyzed in a basic way in memory and only certain information is saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.
