CompTIA Security+ Question B-32

Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

A. Logical token
B. Performance monitor
C. Public key infrastructure
D. Trusted platform module

Answer: B

Performance Monitor in a Windows system can monitor many different ‘counters’. For TCP network connections, you can monitor specific TCP related counters including the following: Connection Failures Connections Active Connections Established Connections Passive Connections Reset Segments Received/sec Segments Retransmitted/sec Segments Sent/sec Total Segments/sec

By monitoring the counters listed above, you will be able to detect security-related TCP connection anomalies.