Which of the following MUST be in place to recognize a system attack?

A. Stateful firewall
B. Distributed antivirus
C. Log analysis
D. Passive honeypot


9 thoughts on “Which of the following MUST be in place to recognize a system attack?”

  1. This way of thinking.
    1) Monitor the operation of the firewall in real time.
    2) Monitor the operation of all antivirus software in real time.
    3) Monitor the logs of all server systems in real time.
    4) Monitor the condition of the honeypot in real time.
    In the above scenario, A is the correct answer.

  2. “MUST be in place”: what if I have a stateless FW? That means that I cannot recognize a system attack?

    For me, log analysis is the best answer, and it refers to a system that collects logs from more than one system (i.e. SIEM).

    C is correct

  3. Can’t analyze the logs of a firewall if you do not have a firewall. Pretend you can only choose one of the listed options.

    1. A system attack is not necessarily an attack through the firewall. It could be an internal attack on one of the systems in the local network. This could be detected by SIEM or detected & prevented by HIPS. Both perform log analysis.

  4. I believe C is correct. I think people are misunderstanding what log analysis could be referring to in this question. To me, log analysis is not reviewing individual system logs to look for malicious behavior. No, I’m pretty sure it refers to a SIEM system and that is what can recognize system attacks, not firewalls. If a SIEM is in place and set up properly to receive logs from servers, firewalls, and other network devices, the data can be analyzed to recognize potential attacks.

    https://en.wikipedia.org/wiki/Security_information_and_event_management

  5. Thank you!
    I missed this word. I just thought that if the attacker is inside, the FW cannot detect it.
    But with “be in place” to recognize, A would be the correct answer.
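
The scenario raised in the thread (an internal attack that never crosses the firewall, recognized by SIEM-style log analysis across several sources), as an added example that is not part of the original comments. The log formats, hostnames, addresses and the `detect` function are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs in a simplified format (assumed time-ordered).
FIREWALL_LOG = """\
2024-05-01T10:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:00:02 fw01 ALLOW src=198.51.100.9 dst=10.0.0.8 dport=443
"""
AUTH_LOG = """\
2024-05-01T10:01:10 srv05 sshd: Failed password for root from 10.0.0.23
2024-05-01T10:01:12 srv05 sshd: Failed password for root from 10.0.0.23
2024-05-01T10:01:15 srv05 sshd: Failed password for admin from 10.0.0.23
2024-05-01T10:01:20 srv05 sshd: Accepted password for admin from 10.0.0.23
2024-05-01T10:02:00 srv08 sshd: Failed password for bob from 10.0.0.40
2024-05-01T10:02:30 srv08 sshd: Accepted password for bob from 10.0.0.40
"""
FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(text, regex):
    """Yield (timestamp, field, ...) tuples for lines matching the regex."""
    for line in text.splitlines():
        m = regex.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m.group(1)),) + m.groups()[1:]

def detect(fw_text, auth_text, threshold=3, window=timedelta(minutes=1)):
    """Correlate server auth events with firewall events, as a SIEM rule would."""
    fw_sources = {src for _, _, src, _, _ in parse(fw_text, FW_RE)}
    failures = defaultdict(list)  # (src, host) -> failure times inside the window
    alerts = []
    for ts, host, result, user, src in parse(auth_text, AUTH_RE):
        key = (src, host)
        failures[key] = [t for t in failures[key] if ts - t <= window]
        if result == "Failed":
            failures[key].append(ts)
            rule = "brute_force" if len(failures[key]) == threshold else None
        else:
            rule = "login_after_brute_force" if len(failures[key]) >= threshold else None
        if rule:
            alerts.append({"rule": rule, "src": src, "host": host, "user": user,
                           "seen_by_firewall": src in fw_sources})
    return alerts

if __name__ == "__main__":
    for alert in detect(FIREWALL_LOG, AUTH_LOG):
        print(alert)
```

Both alerts come from the server logs alone; the firewall log never contains the internal source address.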
