A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
A.
event name, log source, time, source IP, and username
B.
event name, log source, time, source IP, and host name
C.
protocol, log source, source IP, destination IP, and host name
D.
protocol, source IP, source port destination IP, and destination port
D is Correct
5-Touple ==> protocol, source IP, source port destination IP, and destination port
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.200-201 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
seyfo
10 months, 1 week agoEng_ahmedyoussef
1 year, 1 month ago