PrepAway - Latest Free Exam Questions & Answers

Which of the following is the reason the ABC company’s security administrator is unable to determine the ori

The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan

The external party is reporting attacks coming from abc-company.com. Which of the following is the
reason the ABC company’s security administrator is unable to determine the origin of the attack?


A. A NIDS was used in place of a NIPS.

B. The log is not in UTC.

C. The external party uses a firewall.

D. ABC company uses PAT.

Explanation:
PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different
port number assignment. The log information shows the IP address, not the port number, making it
impossible to pinpoint the exact source.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. This will not have any bearing on the security
administrator at ABC Company finding the root of the attack.
B: UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which
the world regulates clocks and time. The time in the log is not the issue in this case.
C: Whether the external party uses a firewall or not will not have any bearing on the security
administrator at ABC Company finding the root of the attack.


