Free CompTIA Security+ SY0-601 Practice Question

An incident responder needs to analyze suspected data exfiltration from a specific host to external destinations over uncommonly used high-numbered ports. Which tcpdump command will MOST effectively capture the necessary traffic while minimizing the capture of unrelated data?

  • tcpdump -i eth0 'portrange 1024-65535'

  • tcpdump -i eth0 'src host 192.168.1.100 and src portrange 49152-65535'

  • tcpdump -i eth0 'src host 192.168.1.100'

  • tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and src portrange 1024-65535'

This question's topic: CompTIA Security+ SY0-601 / Operations and Incident Response