From the log excerpt, which line indicates a port scan detected from 194.222.156.169?

Study for the Computer Hacking Forensic Investigator (CHFI) v11 Test with flashcards and multiple choice questions. Each question comes with hints and explanations. Get ready to excel!

Multiple Choice

From the log excerpt, which line indicates a port scan detected from 194.222.156.169?

Explanation:
A port scan detection appears in the log as a line that explicitly states a portscan was detected, together with the source IP. In this excerpt, that line reads that a portscan was detected from 194.222.156.169 and is produced by the spp_portscan module, which marks it as a detection event for scanning activity coming from that IP. The other entries describe different kinds of activity (a FIN scan, a DNS version query, and an RPC info query) and do not announce a portscan detection. The line carrying the portscan detection label from spp_portscan is therefore the one that indicates a port scan detected from that IP.