The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the
ABC company’s security administrator is unable to determine the origin of the attack?

A.
A NIDS was used in place of a NIPS.

B.
The log is not in UTC.

C.
The external party uses a firewall.

D.
ABC company uses PAT.

Explanation:
PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port
number assignment. The log information shows the IP address, not the port number, making it impossible to
pin point the exact source.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused
attacks, such as bandwidth-based DoS attacks. This will not have any bearing on the security administrator atABC Company finding the root of the attack.
B: UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which the
world regulates clocks and time. The time in the log is not the issue in this case.
C: Whether the external party uses a firewall or not, will not have any bearing on the security administrator at
ABC Company finding the root of the attack.

http://www.webopedia.com/TERM/P/PAT.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/Coordinated_Universal_Time