# 200-201 — Question 425

**Type:** multiple_choice
**Topics:** topic_1

## Question

An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: C
In a security operations center (SOC) environment, one method that could be used to identify a session from a group of logs is the use of a 5-tuple. A 5-tuple consists of five pieces of information that can be used to identify a specific network session: the source IP address, source port, destination IP address, destination port, and protocol. By using this information, an analyst can identify a specific session from a group of logs and track its progress through the system. Other methods that could be used to identify a session from a group of logs include the use of sequence numbers, timestamps, or IP identifiers.

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/cisco/200-201/425