Which advantage over host-based logging when reviewing malicious activity about a victim machine?

Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?
A. Addresses and protocols of network-based logs are analyzed.
B. Host-based system logging has files stored in multiple locations.
C. Properly handled network-based logs may be more reliable and valid.
D. Network-based systems cannot capture users logging into the console.


8 thoughts on “Which advantage over host-based logging when reviewing malicious activity about a victim machine?”

  1. Let’s read answer A like this: Addresses and protocols of “MyServer” are analyzed. What does this mean? Nothing for me. So it’s out.

    For me the advantage is the possibility to have the same information in more than one location (see this link for Palo Alto for example: https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/panorama-overview/centralized-logging-and-reporting/local-and-distributed-log-collection.html#id7319f3fe-40d7-4518-9904-2fd9f38f3a8e)

  2. I tend to agree with Anonymous, answer should be C. I think what the question refers to as “properly handled network-based logs” are a centralized syslog system. It is much tougher for a hacker to wipe their tracks clean with a network log system than a host log system, making the network-based logs more reliable and valid.

  3. My guess is C

    If an attacker compromises a victim machine, he can delete or modify the logs.
    However, if we redirect the logs to a log server (syslog, for example), we can still analyze them even if the compromised host is wiped clean.

  4. This is a tough one, but I’m going with A. Host-based logs can be reliable and valid too, as long as they are stored properly. Like putting them in a log repository with read only access. The main advantage of Network Based logs is you get a larger view of network activity with addresses and protocols within the network.

  5. I think it is A because host logs will probably lack the network protocols, ports, and/or originating IP source of the attacker vs the host logs will provide the services or files that were accessed and or modified.

  6. I select answer “B”.
    A, I can’t understand what it means.
    C, I think there is no difference in reliability and validity between host-based and network-based.
    D, It’s not an advantage.

  7. I am going with C here.

    Network logs can read the contents and header of all traffic going across the wire.

    Host logs rely heavily on audit trails, which may not have as much information as the network logs will give you.
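Comments 2 and 3 above both hinge on the central copy of the log being out of the attacker's reach. As an added illustration that is not part of the original page, the script below compares a host's local auth log with the copy a central syslog collector received and reports the entries that vanished locally; the host name, log lines and addresses are constructed sample data.

```python
from collections import Counter

# Constructed sample (not from any real system): the copy of victim01's auth
# log as received by a central syslog collector that the host cannot alter.
COLLECTOR_COPY = """\
Jan 10 03:12:01 victim01 sshd[812]: Accepted password for admin from 198.51.100.7 port 51022 ssh2
Jan 10 03:12:05 victim01 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/bash
Jan 10 03:13:40 victim01 sudo: admin : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/vi /var/log/auth.log
Jan 10 03:15:02 victim01 cron[901]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Constructed sample: the same log as found on the host afterwards. The two
# sudo entries are gone, and one later entry exists only locally because
# forwarding had stopped by then.
LOCAL_COPY = """\
Jan 10 03:12:01 victim01 sshd[812]: Accepted password for admin from 198.51.100.7 port 51022 ssh2
Jan 10 03:15:02 victim01 cron[901]: (root) CMD (run-parts /etc/cron.hourly)
Jan 10 03:20:11 victim01 systemd[1]: Started Session 5 of user admin.
"""


def entries(log_text: str) -> Counter:
    """Multiset of non-empty log lines, so legitimate duplicates are kept."""
    return Counter(line for line in log_text.splitlines() if line.strip())


def audit_local_log(local_text: str, collector_text: str) -> dict:
    """Compare the host's log against the collector's copy of the same log.

    Lines the collector holds but the host no longer has are evidence of
    deletion or alteration on the host. Lines only the host has were either
    altered locally or never forwarded (e.g. the forwarder was stopped),
    which deserves a look of its own.
    """
    local, remote = entries(local_text), entries(collector_text)
    missing_locally = sorted((remote - local).elements())
    only_locally = sorted((local - remote).elements())
    return {
        "missing_locally": missing_locally,
        "only_locally": only_locally,
        "tampering_suspected": bool(missing_locally),
    }


if __name__ == "__main__":
    report = audit_local_log(LOCAL_COPY, COLLECTOR_COPY)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The comparison only proves anything when the collector's copy is write-protected from the forwarding host, which is what "properly handled" in answer C amounts to.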
