Which of the following would indicate an external network scanning activity in firewall logs?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Explanation:
When you’re looking at firewall logs for signs of activity from outside your network, you’re searching for patterns that suggest someone is probing your defenses rather than generating normal traffic. A hallmark of external network scanning is a single external IP trying to reach many different ports or services on your firewall or exposed hosts, often in rapid succession. This kind of broad, methodical probing is exactly what scanning tools like Nmap are designed to do: map live hosts, identify open ports, and infer the services running behind them. So, logs showing multiple connection attempts from one external source across a wide range of ports or protocols point to scanning activity.

The other activities listed don’t fit this pattern in firewall logs. SQL injection is an attempt to manipulate a web application's database queries and shows up in web or application logs rather than as port-scanning activity. Phishing and social engineering involve human factors and typically appear in email logs, web access patterns, or security awareness reports, not as a string of port probes captured by a firewall.
