An organization is reviewing their network log policies to ensure they can effectively identify unauthorized access attempts. Which of the following logging details should the organization prioritize to BEST meet this objective?
Timestamps of data transfer
Record the source IP address for all incoming traffic
The total amount of data transferred during each session
Recording the source IP address is vital for tracking the origin of network traffic and identifying potential unauthorized access attempts. Knowing where the traffic originates helps determine whether the access attempts come from within the organization's internal network or from external threats. Without this information, it would be difficult to locate the source of a security threat and take appropriate action. Timestamps alone are not enough because they do not indicate where an access attempt originated. Usernames are important for access logs but are not directly related to network traffic. The amount of data transferred may be an indicator of exfiltration but is less specific to unauthorized access attempts.