A threat actor penetrated an organization’s network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
A. event name, log source, time, source IP, and host name
B. protocol, source IP, source port, destination IP, and destination port
C. event name, log source, time, source IP, and username
D. protocol, log source, source IP, destination IP, and host name
Answer: B
Explanation:
Reference: https://blogs.cisco.com/security/the-dreaded-5-tuple