Exam CFR-310 topic 1 question 48 discussion

Actual exam question from CertNexus's CFR-310
Question #: 48
Topic #: 1

A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)

  • A. NetFlow logs
  • B. Web server logs
  • C. Domain controller logs
  • D. Proxy logs
  • E. FTP logs
Suggested Answer: BC

Comments

044f354
2 months, 4 weeks ago
Selected Answer: BD
B. Web server logs
Explanation: Web server logs contain critical information such as client requests, HTTP status codes, and errors, which can indicate potential web server compromises, such as suspicious requests, unusual traffic, or malicious activity targeting the server.

D. Proxy logs
Explanation: Proxy logs capture details about web traffic flowing through the proxy server, including requests made to external websites. These logs can reveal abnormal traffic patterns or requests to suspicious domains, indicating a possible web server compromise.

Why the other options are less suitable:
A. NetFlow logs: NetFlow logs provide summary information about network traffic flows but not web server interactions or compromises.
C. Domain controller logs: These logs track authentication and user account activity in a domain environment, not web server activity.
E. FTP logs: FTP logs track file transfers, not web server compromises.
upvoted 1 times