Network Traffic Analysis — CompTIA Security+ (SY0-701) Practice Questions
Network traffic analysis is the process of capturing, inspecting, and interpreting data flowing across a network to detect anomalies, intrusions, or policy violations. On the SY0-701 exam, this topic covers tools and techniques such as protocol analyzers, flow data (NetFlow), and intrusion detection systems that help security teams identify malicious activity like data exfiltration, lateral movement, or command and control communication. Effective traffic analysis requires understanding normal baseline behavior so that deviations can be recognized quickly. This skill is central to threat hunting, incident response, and continuous monitoring.
Free questions on network traffic analysis
An organization experiences a sudden spike in outbound network traffic from several workstations to unknown IPs. Which attack is MOST likely occurring?
Free question · medium · full answer + explanation
More network traffic analysis questions in the full bank
- A security analyst reviews the firewall logs and notices outbound traffic to an external IP address on port 443, but the traffic pattern is unusual: small data requests followed immediately by large data responses. This pattern repeats every 5 minutes. Which of the following is the MOST likely explanation? Unlock answer & explanation →
- A technician notices unusual outbound HTTPS traffic on a workstation to an unknown IP address on port 443. What is the most likely cause? Unlock answer & explanation →