CompTIA CySA+ CS0-003 Practice Question
During a routine check, a security analyst notices that several outbound connections to unfamiliar external IP addresses have been made from a server within the company's network. There is no documented business need for these communications. Which tool should the analyst use to capture and analyze the traffic between the server and these IP addresses for further investigation?
Wireshark
tcpdump
Simple Network Management Protocol (SNMP)
WHOIS