In a honeypot log, which event line indicates a port scan from an external IP?

Multiple Choice

Explanation:
Port scanning is when an attacker probes many ports to map what services are available on a target. In a honeypot log, such activity is shown by a line that explicitly says a port scan was detected and includes the source IP. The line “spp_portscan: portscan detected from 194.222.156.169” fits perfectly: it names the event (portscan), says it was detected, and shows the external IP performing the scan.

The other entries describe different actions: one indicates an FTP password retrieval attempt, another a DNS version query, and the last shows a FIN scan type. While a FIN scan is a kind of port scan, it doesn’t present the source IP in the same explicit “portscan detected from [IP]” format, so it isn’t as direct a match for indicating a port scan from an external IP.
