The answer is D (IDS)
The log entry contains information about a signature ID, source and destination IP addresses, source and destination ports, and a severity rating. These are characteristics typically found in IDS logs (Intrusion Detection System). IDS logs provide information about security events detected by an IDS system, which monitors network traffic for signs of unauthorized activity or security policy violations. On the other hand, proxy logs record client connections to a proxy server, NetFlow logs capture network traffic data, and syslogs are a type of system log that captures messages from various components of a computer system.
"Sig ID" typically refers to a Signature ID, which is a unique identifier assigned to a particular security threat or event by an intrusion detection or prevention system (IDS/IPS). A log message that includes a Sig ID would suggest that the message is related to an alert triggered by the IDS/IPS in response to a security event.
You also see the 5-tuple in IPS events, NetFlow records, and other event data. In fact, on the exam you may need to differentiate between a firewall log versus a traditional IPS or IDS event. One of the things to remember is that traditional IDS and IPS use signatures, so an easy way to differentiate is by looking for a signature ID (SigID). If you see a signature ID, then most definitely the event is a traditional IPS or IDS event.
Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide, Omar Santos, P861
OK - so what has the severity got to do with an IDS? Severity 6 is a syslog feature and means informational and represents a normal event. Why would a normal event have a sig id?