In a honeypot log, which event line indicates a port scan from an external IP?

Multiple Choice

Explanation:
Port scanning is when an attacker probes many ports to map what services are available on a target. In a honeypot log, such activity is shown by a line that explicitly says a port scan was detected and includes the source IP. The line “spp_portscan: portscan detected from 194.222.156.169” fits perfectly: it names the event (portscan), says it was detected, and shows the external IP performing the scan. The other entries describe different actions: one indicates an FTP password retrieval attempt, another a DNS version query, and the last shows a FIN scan type. While a FIN scan is a kind of port scan, it doesn’t present the source IP in the same explicit “portscan detected from [IP]” format, so it isn’t as direct a match for indicating a port scan from an external IP.

