312-49 Question #439: Real Exam Question with Answer & Explanation
The correct answer is C: Network intrusion has occurred.
Question
A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week. What can the investigator infer from the screenshot seen below?
Options
- A. A smurf attack has been attempted
- B. A denial of service has been attempted
- C. Network intrusion has occurred
- D. Buffer overflow attempt on the firewall.
Explanation
The firewall log screenshot (described in the question context) shows connection patterns consistent with unauthorized access rather than flood-based attacks. Because the institution operates 24/7, anomalous off-hours traffic cannot be dismissed as normal business activity — every entry is potentially valid business traffic. Log evidence showing internal hosts communicating with unknown external IPs, or data exfiltration patterns, points to an actual intrusion rather than a DoS attempt (which would show traffic floods), a Smurf attack (ICMP broadcast amplification), or a buffer overflow (malformed packet payloads targeting the firewall itself).