During the analysis phase of an incident, an analyst is tasked with determining the scope of a suspected breach on several servers. Which data source will MOST likely provide the comprehensive information required to assess the activities on the affected servers?
Operating system-specific security logs are designed to record events that are significant to the security of the operating system. They can provide detailed information about the activities on a server, such at login attempts, access to protected objects, and changes to security policies. These logs are more likely to give an accurate picture of the scope of a suspected breach compared to the other options, which may provide too broad or peripheral view, or lack the level of detail necessary for an analysis of server activities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What kind of information do operating system-specific security logs typically contain?
Open an interactive chat with Bash
How are packet captures different from operating system-specific security logs?
Open an interactive chat with Bash
Why are firewall logs less effective for determining the scope of a suspected breach on servers?