177k views
0 votes
A security administrator captured eight hours of network traffic and collected close to one gigabyte of data during that capture. The administrator complained that there was too much data to effectively work with to find unusual traffic. What can the administrator do to work with a smaller and a more manageable data set?

a) The administrator can compress the file with a ZIP utility to decrease its size.
b) The administrator can capture traffic on each network segment separately.
c) The administrator can capture traffic in five-minute intervals and examine each one separately.
d) The administrator can apply a filter for the type of traffic required.

by User Punit Vara (7.2k points)

1 Answer

7 votes

Final answer:

To manage a large dataset of network traffic, applying a filter to capture only relevant traffic is the most effective method, as it directly reduces the amount of unnecessary data.

Step-by-step explanation:

A security administrator who is overwhelmed with a large amount of network traffic data should consider using filters to reduce the dataset to a more manageable size. Specifically, the administrator can apply a filter for the type of traffic that is most relevant to their investigation. This method allows for the exclusion of irrelevant data, making the traffic capture more efficient and easier to analyze. Options like compressing the file or capturing in shorter intervals could save on space or make the data easier to handle temporally, but they do not address the core issue of reducing the quantity of unneeded data. Capturing traffic on each network segment separately might reduce volume but would also potentially miss critical cross-segment traffic analysis. Therefore, option (d), applying a filter, is the most effective recommendation to manage the dataset.

by User Vlad Lego (8.7k points)
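As an added example (not part of the answer above or of the original page), here is the filtering the answer recommends, applied to a saved pcap rather than at capture time: a standard-library Python script that builds a constructed three-packet capture, then keeps only the records matching the equivalent of the BPF filter `udp port 53`. All frames, addresses and timestamps are constructed sample data, and `build_frame`, `write_pcap`, `iter_pcap`, `matches` and `filter_pcap` are names chosen for this example.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17

def build_frame(proto, sport, dport, payload=b"x" * 32):
    """Construct a minimal Ethernet/IPv4/{TCP,UDP} frame (sample data, checksums left at 0)."""
    l4_len = (8 if proto == PROTO_UDP else 20) + len(payload)
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, l4_len, 0) + payload
    else:  # TCP: ports, seq, ack, data offset 5 (20 bytes), flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = b"\x00" * 6 + b"\x00" * 5 + b"\x01" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4

def write_pcap(frames):
    """Serialise frames into a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        # per-record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out

def iter_pcap(data):
    """Yield (record_header, frame) pairs from a pcap byte string, skipping the 24-byte global header."""
    pos = 24
    while pos + 16 <= len(data):
        hdr = data[pos:pos + 16]
        incl_len = struct.unpack("<I", hdr[8:12])[0]
        yield hdr, data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def matches(frame, proto, port):
    """Equivalent of the BPF filter '<proto> port <port>' for IPv4 over Ethernet."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return False
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length honours IHL, not a fixed 20
    if frame[23] != proto or len(frame) < 14 + ihl + 4:
        return False
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return port in (sport, dport)

def filter_pcap(data, proto, port):
    """Return a new pcap (same global header) containing only the records that match the filter."""
    kept = [hdr + frame for hdr, frame in iter_pcap(data) if matches(frame, proto, port)]
    return data[:24] + b"".join(kept)
```

The same filter expressed at capture time (for instance `udp port 53` as a capture filter) keeps the unwanted traffic from ever being written to disk, which is why option (d) shrinks the working set rather than just repackaging it.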