CompTIA Security+ (SY0-401) — Question 5

The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC companys security administrator is unable to determine the origin of the attack?

Answer options

• A. A NIDS was used in place of a NIPS.
• B. The log is not in UTC.
• C. The external party uses a firewall.
• D. ABC company uses PAT.

Correct answer: D

Explanation

The correct answer is D because Port Address Translation (PAT) can obscure the original IP addresses of the attacking machines, making it difficult to trace the source of the attack. Option A is incorrect because whether a NIDS or NIPS is used does not directly affect the ability to trace the origin of an attack. Option B is not relevant as the log format does not change the source address visibility, and option C does not impact the ability to determine the origin of the attack.