26 Nov Practice Test Question - Logs
Kaitlyn is investigating a security incident and is not sure which systems were contacted from a compromised host.
What log information would be most helpful to her in this case?
A. Router Logs
B. Host Firewall Logs
C. Netflow Logs
D. Application Logs
Correct Answer: C
It is possible that any of these log sources might contain relevant information, but the netflow logs are most likely to be helpful, as they track network connections directly. Router logs do not normally record network traffic, but rather track router events. Host firewall logs may contain the relevant information, but they could be spread across multiple systems. Application logs would only contain application-specific information.
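As an added example (not part of the original question), the sketch below shows why flow records answer Kaitlyn's question in one pass: a single central flow export lists every peer the compromised host exchanged traffic with. The CSV column layout, the addresses and timestamps, and the `contacted_peers` helper are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export (not a real capture): one row per unidirectional flow.
SAMPLE_FLOWS = """\
start,end,src,dst,sport,dport,proto,bytes
2024-01-15T02:14:07,2024-01-15T02:14:09,10.0.5.23,10.0.5.10,49832,445,tcp,18400
2024-01-15T02:14:07,2024-01-15T02:14:09,10.0.5.10,10.0.5.23,445,49832,tcp,5200
2024-01-15T02:20:31,2024-01-15T02:20:40,10.0.5.23,10.0.8.40,49840,22,tcp,3100
2024-01-15T02:25:02,2024-01-15T02:25:02,10.0.5.23,10.0.0.53,51515,53,udp,240
2024-01-15T02:31:00,2024-01-15T02:44:18,10.0.5.23,203.0.113.77,49851,443,tcp,912000
2024-01-15T02:31:00,2024-01-15T02:44:18,203.0.113.77,10.0.5.23,443,49851,tcp,40100
2024-01-15T02:50:11,2024-01-15T02:50:12,10.0.7.15,10.0.5.10,50122,445,tcp,900
2024-01-15T03:05:12,2024-01-15T03:19:47,10.0.5.23,203.0.113.77,49877,443,tcp,1500000
"""

def contacted_peers(flow_csv, host):
    """Summarise every system that exchanged traffic with `host`, in either direction."""
    peers = defaultdict(lambda: {"first": None, "last": None, "flows": 0,
                                 "bytes_out": 0, "bytes_in": 0, "ports": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["src"] == host:            # traffic sent by the compromised host
            peer, port, counter = row["dst"], row["dport"], "bytes_out"
        elif row["dst"] == host:          # replies or inbound traffic to it
            peer, port, counter = row["src"], row["sport"], "bytes_in"
        else:
            continue                      # flow does not involve the host
        p = peers[peer]
        p["flows"] += 1
        p[counter] += int(row["bytes"])
        p["ports"].add(f'{row["proto"]}/{port}')   # port on the peer's side of the flow
        # ISO-8601 timestamps in one format sort correctly as strings.
        p["first"] = min(filter(None, (p["first"], row["start"])))
        p["last"] = max(filter(None, (p["last"], row["end"])))
    return dict(peers)

def report(peers):
    """One line per peer, ordered by first contact, for the incident timeline."""
    ordered = sorted(peers.items(), key=lambda kv: kv[1]["first"])
    return [f'{p["first"]}  {peer:<15} {",".join(sorted(p["ports"])):<10} '
            f'out={p["bytes_out"]} in={p["bytes_in"]} flows={p["flows"]}'
            for peer, p in ordered]

if __name__ == "__main__":
    print("\n".join(report(contacted_peers(SAMPLE_FLOWS, "10.0.5.23"))))
```

Getting the same list from host firewall logs would mean collecting and correlating logs from each of the four peers separately.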