Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 23

An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?

Answer options

Correct answer: C

Explanation

The correct answer is C, because the 5-tuple (source IP, destination IP, source port, destination port, and protocol) uniquely identifies a session in network traffic. Options A, B, and D provide various forms of identification but do not include all the elements needed to define a session.