An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?
- A.sequence numbers
- B.IP identifier
- C.5-tuple
- D.timestamps
cisco · 200-201 · Q425 · multiple_choice · topic_1
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group o…
Explanation
Selected Answer: C
In a security operations center (SOC) environment, one method that could be used to identify a session from a group of logs is the use of a 5-tuple. A 5-tuple consists of five pieces of information that can be used to identify a specific network session: the source IP address, source port, destination IP address, destination port, and protocol. By using this information, an analyst can identify a specific session from a group of logs and track its progress through the system. Other methods that could be used to identify a session from a group of logs include the use of sequence numbers, timestamps, or IP identifiers.
Reference: examtopics_top_comment
Practice with progress tracking
Sign in to track wrong answers, get spaced-repetition reminders, and run timed exam mode.