Network Traffic Analysis — CompTIA CySA+ (CS0-003) Practice Questions
Network traffic analysis involves examining packet captures, flow records, and protocol metadata to identify anomalies, suspicious connections, or policy violations. The CySA+ exam tests candidates on reading and interpreting network data to detect activities such as command-and-control communication, lateral movement, and data staging. Analysts must understand common protocols and what normal behavior looks like in order to identify deviations that warrant investigation. Network traffic analysis often provides the earliest observable signal of an intrusion, making it a foundational detection technique in the SOC.
Free questions on network traffic analysis
An analyst reviewing network traffic captures detects a large outbound transfer of data to an external IP address that matches no approved egress policy. What is the NEXT step?
Free question · medium · full answer + explanation
Which of the following provides the BEST real-time visibility into advanced persistent threats (APTs) on a network?
Free question · medium · full answer + explanation
More network traffic analysis questions in the full bank
- What is network traffic analysis used for? Unlock answer & explanation →
- How would you identify a beaconing pattern in network traffic analysis? Unlock answer & explanation →
- What indicators should you look for in network traffic? Unlock answer & explanation →