Which term describes an enumeration, vulnerability, or incident detection scan that analyzes only intercepted network traffic rather than sending probes to a target?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which term describes an enumeration, vulnerability, or incident detection scan that analyzes only intercepted network traffic rather than sending probes to a target?

Explanation:
Analyzing only intercepted network traffic without sending probes is a passive approach to security monitoring. By listening to and inspecting traffic that naturally flows over the network (using taps or mirrored ports), you can detect anomalies, intrusions, or misconfigurations without actively probing the target. This makes the method non-intrusive and less likely to affect the systems being monitored. The term that best fits this behavior is passive security control, since it relies on observing existing activity rather than initiating tests or scans.

In contrast, active security controls involve probes or tests that interact with the target; passive reconnaissance concerns gathering information that is publicly observable, or observable without interacting with the target; and threat modeling is a broader process for identifying security risks rather than a monitoring approach.
