Question

You notice several Remote Desktop Protocol (RDP) sessions initiated from different Internet Protocol (IP) addresses that are foreign to your network. Which tool did you use to examine this traffic?

a) A network intrusion detection system (NIDS)
b) A network log monitoring system
c) A network intrusion prevention system (NIPS)
d) A network protocol analyzer

Answer 1

A network log monitoring system is likely the tool used to identify multiple RDP sessions from external IP addresses, as it allows for review of logged network activities.

Step-by-step explanation:

The tool that was likely used to examine the traffic and identify several Remote Desktop Protocol (RDP) sessions initiated from different Internet Protocol (IP) addresses is a network log monitoring system. Such a system keeps track of all the network traffic and logs various events which can then be reviewed. In contrast, while a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS) can detect and potentially stop malicious activity, and a network protocol analyzer could be used to examine traffic in real time or from captured data, the context provided points to the use of a system designed to monitor and log network events.