Valid 312-39 dumps shared by ExamDiscuss.com to help you pass the 312-39 exam. ExamDiscuss.com now offers the newest 312-39 exam dumps; the ExamDiscuss.com 312-39 exam questions have been updated and the answers corrected. Get the newest ExamDiscuss.com 312-39 dumps with the Test Engine here:
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations the Tor traffic is coming from. Which of the following data sources will he use to prepare the dashboard?
Correct Answer: A
To monitor and visualize Tor traffic hitting the network, John needs a data source that records the source IP address of each incoming connection and supports resolving those addresses to more identifiable information such as hostnames or geographic locations. DHCP logs, or other log sources that maintain detailed IP address records and support IP-to-name resolution, are suited to this purpose. With that data John can build a SIEM dashboard that maps the source IP addresses of Tor traffic to their corresponding locations or identities, showing where the Tor traffic originates. Web server logs (options B, C, and D) also provide IP addresses, but they may not offer the same level of detail or resolution capability as DHCP logs or similar network-level logs for this specific use case.

References:
* Anton Chuvakin, Kevin Schmidt, and Chris Phillips, "Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management".
* Roger Dingledine, Nick Mathewson, and Paul Syverson, "Tor: The Second-Generation Onion Router".
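The numbers behind such a dashboard come from three pieces the explanation above describes in prose: source IP records from the chosen log source, a way to recognise which of those sources are Tor, and a resolution step from IP to location. The following Python is an added example, not part of the exam material or of any vendor's SIEM; it assumes a list of known Tor exit-node addresses (constructed placeholders here, in practice a threat-intel feed), an IP-to-location table standing in for a GeoIP lookup, and constructed log lines carrying a `src=` field. It returns the per-location counts a graph widget would plot, and shows how malformed lines and unknown locations are handled so they neither crash the job nor silently vanish from the chart.

```python
"""Aggregate Tor-sourced connections by location for a SIEM dashboard.

Added example (not from the exam material). Assumptions, all constructed:
  * TOR_EXIT_NODES: known Tor exit addresses (placeholder documentation IPs)
  * IP_LOCATION: an IP-to-location table standing in for a GeoIP database
  * SAMPLE_LOGS: log records with a src= field, as a SIEM might ingest them
"""
from collections import Counter
from ipaddress import ip_address
import re

# Constructed: placeholder Tor exit-node addresses from documentation ranges.
TOR_EXIT_NODES = {"203.0.113.10", "198.51.100.7", "192.0.2.44"}

# Constructed: IP-to-location lookup (a real deployment would query GeoIP).
IP_LOCATION = {
    "203.0.113.10": "DE",
    "198.51.100.7": "NL",
    "192.0.2.44": "US",
    "203.0.113.99": "FR",
}

# Constructed sample log lines; one is deliberately malformed.
SAMPLE_LOGS = """\
2024-01-01T10:00:01Z fw action=allow src=203.0.113.10 dst=10.0.0.5 dport=443
2024-01-01T10:00:02Z fw action=allow src=203.0.113.99 dst=10.0.0.5 dport=443
2024-01-01T10:00:03Z fw action=allow src=198.51.100.7 dst=10.0.0.8 dport=80
2024-01-01T10:00:04Z fw action=allow src=203.0.113.10 dst=10.0.0.9 dport=22
2024-01-01T10:00:05Z fw action=deny src=not-an-ip dst=10.0.0.9 dport=22
2024-01-01T10:00:06Z fw action=allow src=192.0.2.44 dst=10.0.0.5 dport=443
"""

SRC_RE = re.compile(r"\bsrc=(\S+)")


def extract_source_ips(log_text):
    """Yield valid source IP strings from log lines; skip malformed ones."""
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue
        try:
            # ip_address() validates the token; a bad value raises ValueError.
            yield str(ip_address(match.group(1)))
        except ValueError:
            continue  # one bad line must not break the whole chart


def tor_hits_by_location(log_text, exit_nodes=TOR_EXIT_NODES, geo=IP_LOCATION):
    """Count connections from known Tor exit nodes, keyed by location.

    Addresses with no location are bucketed as 'UNKNOWN' so the dashboard
    shows the gap instead of under-reporting Tor volume.
    """
    counts = Counter()
    for ip in extract_source_ips(log_text):
        if ip in exit_nodes:
            counts[geo.get(ip, "UNKNOWN")] += 1
    return dict(counts)


if __name__ == "__main__":
    # Prints the series a SIEM graph widget would render.
    for location, hits in sorted(tor_hits_by_location(SAMPLE_LOGS).items()):
        print(f"{location}: {hits}")
```

Only sources present in the exit-node set are counted, so ordinary traffic from the same ranges (the `203.0.113.99` line) stays out of the Tor series; swapping the constructed tables for a live exit-node feed and a GeoIP lookup is the only change needed to run this over real records.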