A security analyst is reviewing information contained in a Wireshark capture created during an attempted intrusion. The analyst wants to correlate the Wireshark information with the log files from two servers that may have been compromised. What type of information can be used to correlate the events found in these multiple data sets?

  • Post author:
  • Post category:Blog
  • Reading time:2 mins read
  • Post last modified:June 12, 2024

A security analyst is reviewing information contained in a Wireshark capture created during an attempted intrusion. The analyst wants to correlate the Wireshark information with the log files from two servers that may have been compromised. What type of information can be used to correlate the events found in these multiple data sets?

  • logged-in user account
  • ISP geolocation data
  • IP five-tuples
  • ownership metadata

Explanation & Hint:

The source and destination IP address, ports, and protocol (the IP five-tuples) can be used to correlate different data sets when analyzing an intrusion.

For more Questions and Answers:

CyberOps Associate (200-201) Certification Practice Exam Answers Full 100%

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments