From the log excerpt, which line indicates a port scan detected from 194.222.156.169?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

From the log excerpt, which line indicates a port scan detected from 194.222.156.169?

Explanation:
Port scan detection appears in the log as a line that explicitly states a portscan was detected, along with the source IP. In this excerpt, that line reads that a portscan was detected from 194.222.156.169 and is produced by the spp_portscan module, which marks it as a detection event for scanning activity from that IP. The other entries describe different kinds of activity (a FIN scan, a DNS version query, and an RPC info query) and do not announce a portscan detection. So the line carrying the portscan detection label from spp_portscan is the one that indicates a port scan detected from that IP.

