200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

A threat actor penetrated an organization’s network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

  • A. event name, log source, time, source IP, and host name
  • B. protocol, source IP, source port, destination IP, and destination port
  • C. event name, log source, time, source IP, and username
  • D. protocol, log source, source IP, destination IP, and host name

Answer: Option B.

Reference: https://blogs.cisco.com/security/the-dreaded-5-tuple
