A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection?
Among the options provided, the log source that would most likely confirm the malware infection on the company-owned and managed laptop is:
A. XDR logs
XDR (Extended Detection and Response) logs aggregate and correlate data from various security sources, such as endpoint detection and response (EDR), network traffic analysis (NTA), and other security tools. These logs provide comprehensive visibility into security events and incidents across the organization's infrastructure.
If the laptop is suspected to have malware, the EDR component of the XDR solution would likely generate logs indicating suspicious or malicious behavior on the endpoint. This could include activities such as file modifications, process executions, network connections to known malicious domains, or other indicators of compromise (IOCs) associated with malware infections.
XDR (Extended Detection and Response) is a security tool that collects and correlates data across multiple security layers, including endpoints, networks, and cloud environments. XDR logs would provide detailed insights into suspicious activities, such as malware behavior, process execution, and anomalous patterns on the laptop. These logs can help confirm the presence of malware by analyzing behaviors indicative of an infection.
I would say A. The laptop could be outside of the company network and an IDS would not have any relevant logs. Only the XDR would have logs in that situation.
This is XDR logs. XDR and EDR are sometimes interchangeable terms.
IDS is traditionally associated with network traffic, and logs are typically collected from networking devices, not user workstations.
Intrusion Detection System (IDS) logs are specifically designed to monitor network traffic for suspicious or malicious activity. If the laptop is suspected to have malware, the IDS logs may capture network traffic associated with the malware's behavior, such as communication with command-and-control servers, attempts to exploit vulnerabilities, or unusual patterns of data transfer.
upvoted 4 times
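The behaviours the comments above describe as confirming an infection (a process running from a known-malicious hash, file modifications by that process, and a network connection to a known-bad domain) can be checked mechanically once the XDR telemetry lands in the central log store. The following is an added example, not code from ExamTopics or from any XDR vendor; the event schema, host names, IOC domain and hash are all constructed placeholders:

```python
"""Correlate XDR/EDR telemetry against an IOC list to decide whether a host
shows evidence of infection.  Example code added to this discussion; the
event schema, field names and IOC values are constructed, not any vendor's."""
import json
from collections import defaultdict

# Constructed IOC list (placeholder values, not real indicators).
IOC_DOMAINS = {"c2.example.invalid"}
IOC_HASHES = {"CONSTRUCTED_HASH_MALWARE_SAMPLE"}

# Constructed XDR events as newline-delimited JSON, the shape a centralized
# logging pipeline might receive from an EDR agent (hypothetical schema).
# The last line is deliberately malformed to exercise the parser.
SAMPLE_EVENTS = r"""
{"host": "LAPTOP-042", "type": "process", "pid": 4120, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe", "sha256": "CONSTRUCTED_HASH_MALWARE_SAMPLE", "parent": "outlook.exe"}
{"host": "LAPTOP-042", "type": "file", "pid": 4120, "action": "modify", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"}
{"host": "LAPTOP-042", "type": "network", "pid": 4120, "dest_domain": "c2.example.invalid", "dest_port": 443}
{"host": "LAPTOP-017", "type": "process", "pid": 2210, "image": "C:\\Program Files\\Browser\\browser.exe", "sha256": "CONSTRUCTED_HASH_BENIGN", "parent": "explorer.exe"}
{"host": "LAPTOP-017", "type": "network", "pid": 2210, "dest_domain": "updates.example.invalid", "dest_port": 443}
{not json
"""


def parse_events(ndjson: str) -> list[dict]:
    """Parse NDJSON telemetry; malformed lines are kept as parse_error
    events so dropped or tampered telemetry is visible, not silently lost."""
    events = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            events.append({"type": "parse_error", "raw": line})
    return events


def find_infected_hosts(events: list[dict]) -> dict[str, list[str]]:
    """Return {host: [reasons]} for hosts whose telemetry matches an IOC.
    Evidence is grouped per (host, pid) so a hash hit and a C2 connection
    from the same process reinforce each other instead of being judged alone."""
    by_proc: dict[tuple, list[dict]] = defaultdict(list)
    for ev in events:
        if "host" in ev and "pid" in ev:
            by_proc[(ev["host"], ev["pid"])].append(ev)

    findings: dict[str, list[str]] = defaultdict(list)
    for (host, pid), evs in by_proc.items():
        reasons = []
        for ev in evs:
            if ev.get("type") == "process" and ev.get("sha256") in IOC_HASHES:
                reasons.append(f"pid {pid}: known-malicious hash for {ev['image']}")
            if ev.get("type") == "network" and ev.get("dest_domain") in IOC_DOMAINS:
                reasons.append(f"pid {pid}: connection to IOC domain {ev['dest_domain']}")
        if reasons:
            # File modifications by a process already tied to an IOC are
            # supporting context for the analyst, not a trigger on their own.
            for ev in evs:
                if ev.get("type") == "file":
                    reasons.append(f"pid {pid}: {ev['action']} {ev['path']}")
            findings[host].extend(reasons)
    return dict(findings)


def confirm_infection(ndjson: str, host: str) -> bool:
    """True when the given host has at least one IOC-backed finding."""
    return host in find_infected_hosts(parse_events(ndjson))


if __name__ == "__main__":
    for host, reasons in find_infected_hosts(parse_events(SAMPLE_EVENTS)).items():
        print(host)
        for r in reasons:
            print("  -", r)
```

Grouping by process rather than by host is the point of the example: a single network event to a suspicious domain from a browser is an alert to triage, but the same process also executing from a malicious hash and rewriting a system file is the kind of correlated evidence an XDR log review uses to confirm the infection, which is why the IDS view alone (network only, and absent when the laptop is off the corporate network) is weaker.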
Community vote distribution: A (35%), C (25%), B (20%), Other