A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)
B. Web server logs
Explanation: Web server logs contain critical information such as client requests, HTTP status codes, and errors, which can indicate potential web server compromises, such as suspicious requests, unusual traffic, or malicious activity targeting the server.
D. Proxy logs
Explanation: Proxy logs capture details about web traffic flowing through the proxy server, including requests made to external websites. These logs can reveal abnormal traffic patterns or requests to suspicious domains, indicating a possible web server compromise.
Why the other options are less suitable:
A. NetFlow logs: NetFlow logs provide summary information about network traffic flows but not web server interactions or compromises.
C. Domain controller logs: These logs track authentication and user account activity in a domain environment, not web server activity.
E. FTP logs: FTP logs track file transfers, not web server compromises.
upvoted 1 times
044f354
2 months, 4 weeks ago