Refer to the exhibit. During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events. Which technology provided these logs?
C
The Cisco ASA 5510 Adaptive Security Appliance provides high-performance firewall and VPN services and five integrated 10/100 Fast Ethernet interfaces. It optionally provides high-performance intrusion prevention and worm mitigation services.
Should this be IDS/IPS?
Local TCP connections: The logs mention local connections, meaning traffic originating within the network itself, not inbound or outbound communication. This is a typical scenario for IDS/IPS monitoring, as they are designed to detect suspicious activity within the network perimeter.
Scanning activity: The incident involves suspicious scanning, which aligns with the core function of IDS/IPS. They actively monitor network traffic for patterns and signatures indicative of reconnaissance or scanning attempts by potential attackers.
Log detail: The image showcases a specific log format with timestamps, connection details, protocols, and potential threats. This level of detail and focus on internal traffic is characteristic of IDS/IPS logs, compared to other options like antivirus or firewall logs.
genadieff (Highly Voted, 2 years ago)
RoBery (Most Recent, 10 months, 3 weeks ago)
sheyshey (12 months ago)
sheyshey (1 year ago)
sheyshey (1 year ago)
Silexis (10 months, 1 week ago)