Question 71 of 160 from exam CS0-002: CompTIA CySA+

Prev Question Next Question

Question

After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:

3-10-2019
3-10-2019
3-10-2019
3-10-2019
3-10-2019
3-10-2019

10:

10
10
10
10
10

23:
23¢
123:
2231
1233
123:

22
24
25
26
29
30

FROM
FROM
FROM
FROM
FROM

192.
192.
192.
492.
192.
FROM 192.168.1.

168.
168.
168.
168.
168.

bReEREE

243 TO 10.10.10.5:53 PERMIT UDP 143 BYTES
076 TO 10.10.35.221:80 PERMIT TCP 100 BYTES
244 TO 10.10.1.1:22 DENY TCP 1 BYTES

034 TO 10.10.10.5:53 PERMIT UDP 5.3M BYTES
311 TO 10.10.200.50:3389 DENY TCP 1 BYTES
93:2356 TO 10.10.50.199:25 PERMIT TCP 20K aymne

Which of the following IP addresses does the analyst need to investigate further?

Answers

A. 192.168.1.1

B. 192.168.1.10

C. 192.168.1.12

D. 192.168.1.193

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question