CompTIA Security+ Question D-53

The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC, DST, ALERT, Directory traversal
10:45:02 EST, SRC, DST, ALERT, Account brute force
10:45:03 EST, SRC, DST, ALERT, Port scan
The external party is reporting attacks coming from Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?

A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.

Answer: D

PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pin point the exact source.