A security analyst is reviewing information contained in a Wireshark capture created during an attempted intrusion. The analyst wants to correlate the Wireshark information with the log files from two servers that may have been compromised. What type of information can be used to correlate the events found in these multiple data sets?

  • logged-in user account
  • ISP geolocation data
  • IP five-tuples
  • ownership metadata

Explanation & Hint:

The source and destination IP addresses, source and destination ports, and protocol (the IP five-tuple) can be used to correlate events across different data sets when analyzing an intrusion.
