200-201 Question #178: Real Exam Question with Answer & Explanation

Sign in or unlock 200-201 to reveal the answer and full explanation for question #178. The question stem and answer options stay visible for context.

Submitted by eva_at· Mar 6, 2026Network Intrusion Analysis

Question

A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

Options

Aevent name, log source, time, source IP, and host name
Bprotocol, source IP, source port, destination IP, and destination port
Cevent name, log source, time, source IP, and username
Dprotocol, log source, source IP, destination IP, and host name

Unlock 200-201 to see the answer

You've previewed enough free 200-201 questions. Unlock 200-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock 200-201 - $49.99 / 30 days Sign in

Topics

#5-tuple#network forensics#log analysis#network protocols

Full 200-201 Practice Browse All 200-201 Questions