Comptia Security Plus Mock Test Q3

The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?

A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.

Correct Answer: D
Section: Network Security

Explanation:
PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pin point the exact source.

Incorrect Answers:

A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. This will not have any
bearing on the security administrator at ABC Company finding the root of the attack.

B: UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which the world regulates clocks and time. The time in the log is not the issue in this
case.

C: Whether the external party uses a firewall or not will not have any bearing on the security administrator at ABC Company finding the root of the attack.

References:
http://www.webopedia.com/TERM/P/PAT.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/Coordinated_Universal_Time