A threat actor penetrated an organization’s network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

A. event name, log source, time, source IP, and host name
B. protocol, source IP, source port, destination IP, and destination port
C. event name, log source, time, source IP, and username
D. protocol, log source, source IP, destination IP, and host name

Answer: B

Explanation:

Reference: https://blogs.cisco.com/security/the-dreaded-5-tuple
