The security administrator at ABC company received the following log information from an external
party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is
the reason the ABC company’s security administrator is unable to determine the origin of the
attack?

A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.
Where did you get this question from? Where’s the source?
Who is the actual source (SRC)? If 10.4.3.7 is in fact ABC Company, then I see different ports listed in the socket. If 8.4.2.1 (DST) is ABC Company, then I can see the system being unable to identify the actual user source. But, why/how is the administrator getting log information from an external source?