A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
A.
event name, log source, time, source IP, and host name
B.
protocol, source IP, source port, destination IP, and destination port
C.
event name, log source, time, source IP, and username
D.
protocol, log source, source IP, destination IP, and host name
The 5-tuple approach consists of protocol, source IP address, source port number, destination IP address, and destination port number to uniquely identify sessions between endpoints on a network. References := Cisco Cybersecurity Source Documents
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit