Which answer best describes how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful?

In the example shown, Host A has attempted a D-COM attack using Metasploit from Host A to Host B. Which answer best describes how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful? (Choose 3)

A.
The syslog connection built event will indicate that an attack is likely because a TCP SYN and an ACK followed the attempted attack.

B.
The IPS event will suggest that an attack may have occurred because a signature was triggered.

C.
CS-MARS will collect the syslog and the IPS alerts based on time.

D.
ASA will see the attack in both directions and will be able to determine if an attack was successful.

E.
IPS and ASA will use the Unified Threat Management protocol to determine that both devices saw the attack.


