Can Socket Inc. find out that no persistent backdoor was placed and that the attack was initiated from an employee inside the company by reviewing event logs that record user faults and exceptions? Refer to scenario 3.
A.
Yes, Socket Inc. can find out that no persistent backdoor was placed by only reviewing user faults and exceptions logs
B.
No, Socket Inc. should also have reviewed event logs that record user activities
C.
No, Socket Inc. should have reviewed all the logs on the syslog server
The answer here is C
8.15 Logging
A detective control
To record events, generate evidence, ensure the integrity of log information, prevent against unauthorized access, identify information security events that can lad to an information security incident and to support investigation
Logs support investigations
Socket examined only two logs when it should examine all.
So what people are doing, login and out etc
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Acrisius
2 months, 1 week ago