From a honeypot log excerpt, which IP address is shown as performing a port scan?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

From a honeypot log excerpt, which IP address is shown as performing a port scan?

Explanation:
Looking for a port scan in a honeypot log means spotting a single external source making quick, repeated connection attempts to many different ports on the honeypot. That burst of activity across numerous ports from one IP is the telltale sign of a scanner, not normal service access. The address 194.222.156.169 stands out because the log shows it initiating connections to a wide range of ports in rapid succession, which matches the behavior of a port scan. Other addresses either don’t show that broad, rapid probing pattern or are internal/private addresses that wouldn’t typically appear as external scanning sources. So, the IP 194.222.156.169 is identified as performing the port scan.

