CompTIA Security+ Question K-84

An incident occurred when an outside attacker was able to gain access to network resources. During the incident response investigation, security logs indicated multiple failed login attempts for a network administrator account. Which of the following controls, if in place, could have BEST prevented this successful attack?

A. Password history
B. Password complexity
C. Account lockout
D. Account expiration

Answer: C
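
Repeated failures against one privileged account followed by a success is the signature of password guessing. Password history, complexity and expiration make a guess less likely to land but do nothing to stop an attacker who keeps trying; account lockout stops the attempt itself. As an added example (not part of the original question set), the following Python class implements a lockout policy as a sliding-window counter: a configurable number of failures within an observation window locks the account for a fixed duration, and a correct password is refused while the lock is active. The threshold, window and duration values, and the simulate_bruteforce helper, are illustrative assumptions.

```python
"""Account lockout as a sliding-window counter (added example, not from the page)."""
from collections import defaultdict, deque


class LockoutPolicy:
    """Lock an account after `threshold` failed logins within `window` seconds,
    for `duration` seconds.  The current time is passed in explicitly so the
    logic is deterministic; a real system would use time.time() instead."""

    def __init__(self, threshold=5, window=300, duration=900):
        self.threshold = threshold
        self.window = window
        self.duration = duration
        self._failures = defaultdict(deque)  # user -> timestamps of recent failures
        self._locked_until = {}              # user -> time the lock expires

    def is_locked(self, user, now):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            # Lock expired: clear state so the user can try again.
            del self._locked_until[user]
            self._failures[user].clear()
            return False
        return True

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'success' or 'failure' for one login attempt."""
        if self.is_locked(user, now):
            return "locked"          # refuse even a correct password while locked
        if password_ok:
            self._failures[user].clear()
            return "success"
        q = self._failures[user]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()              # drop failures outside the observation window
        if len(q) >= self.threshold:
            self._locked_until[user] = now + self.duration
            q.clear()
            return "locked"
        return "failure"


def simulate_bruteforce(policy, user, guesses, real_password, start=0, step=1):
    """Feed a list of guesses at fixed intervals and return each outcome."""
    outcomes = []
    for i, guess in enumerate(guesses):
        outcomes.append(policy.attempt(user, guess == real_password, start + i * step))
    return outcomes


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=5, window=300, duration=900)
    guesses = ["admin", "password", "letmein", "Welcome1", "Passw0rd", "Correct1!"]
    print(simulate_bruteforce(policy, "netadmin", guesses, "Correct1!"))
```

Note the trade-off: because the sixth guess is the right password and is still refused, the same control lets an attacker who knows an administrator's username deny that administrator service. That is why lockouts normally expire automatically (the duration above) rather than requiring a manual unlock, and why the lock is applied per account rather than per source address.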

CompTIA Security+ Question I-40

Which of the following practices is used to mitigate a known security vulnerability?

A. Application fuzzing
B. Patch management
C. Password cracking
D. Auditing security logs

Answer: B

Explanation:
Patch management is the process of keeping applications and operating systems up to date by applying vendor-released updates (patches) in a controlled way: tracking which patches exist, testing them, deploying them and verifying that they were applied. It protects systems against attacks on vulnerabilities that are already publicly known and for which a fix is available. The other options do not mitigate a known vulnerability: fuzzing and auditing logs can discover problems, and password cracking is an attack technique.

CompTIA Security+ Question F-77

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).

A. Detect security incidents
B. Reduce attack surface of systems
C. Implement monitoring controls
D. Hardening network devices
E. Prevent unauthorized access

Answer: A,C

Explanation:
By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is implementing monitoring controls. With the monitoring controls in place, by monitoring the security logs, reviewing the footage from the security cameras and analyzing trend reports, the security analyst is able to detect security incidents.

CompTIA Security+ Question F-19

Which of the following can Peter, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

A. Security logs
B. Protocol analyzer
C. Audit logs
D. Honeypot

Answer: D

Explanation:
A honeypot is a system whose purpose is to be attacked. It holds no production data, so whatever the attacker does to it causes no real harm, and an administrator can watch and study the attack to learn current attack methodologies.

According to Webopedia.com, a honeypot that lures a hacker into a system serves several main purposes:

The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned. The hacker can be caught and stopped while trying to obtain root access to the system. By studying the activities of hackers, designers can build systems that are more resistant to future attacks.

There are two main types of honeypots: Production – A production honeypot is deployed within an organization's environment to help mitigate risk, typically by drawing attackers away from real assets and raising an alert on any contact. Research – A research honeypot adds value to computer security research by providing a platform to study the threat.
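
As an added example (not part of the original page or of any product), here is a minimal low-interaction TCP honeypot in Python. It accepts a connection, presents a fake service banner, records the peer address and whatever the peer sends, and closes; the `probe` helper plays the attacker so the whole exchange can be exercised on the loopback interface. The banner text, the `records` list and the helper names are assumptions made for the demo. A real deployment runs on an isolated host or network segment and forwards its records to the monitoring system, never on a production server.

```python
"""Minimal low-interaction TCP honeypot (added example, not from the page)."""
import socket
import socketserver
import threading
import time

# Decoy banner. The value is arbitrary; it only needs to look like a real service.
BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


class HoneypotHandler(socketserver.BaseRequestHandler):
    """Handle one connection: send the banner, capture the first bytes, close."""

    def handle(self):
        self.request.settimeout(2.0)
        self.request.sendall(BANNER)
        try:
            data = self.request.recv(1024)
        except socket.timeout:
            data = b""
        # Record who connected and what they sent; a real honeypot would ship
        # this to the SIEM rather than keep it in memory.
        self.server.records.append({
            "time": time.time(),
            "src": self.client_address[0],
            "src_port": self.client_address[1],
            "data": data,
        })


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, host="127.0.0.1", port=0):
        super().__init__((host, port), HoneypotHandler)
        self.records = []   # captured attack details


def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    hp = Honeypot(host, port)
    threading.Thread(target=hp.serve_forever, daemon=True).start()
    return hp


def probe(host, port, payload):
    """Act as the attacker: connect, read the banner, send a payload, wait for close."""
    with socket.create_connection((host, port), timeout=5) as s:
        banner = s.recv(1024)
        s.sendall(payload)
        while s.recv(1024):   # drain until the honeypot closes the connection
            pass
    return banner


if __name__ == "__main__":
    hp = start_honeypot()
    print("listening on", hp.server_address)
    print("banner seen by attacker:", probe("127.0.0.1", hp.server_address[1], b"root:toor\r\n"))
    print("captured:", hp.records)
    hp.shutdown()
    hp.server_close()
```

Because the honeypot has no legitimate users, any connection to it is suspicious by definition, which is what makes its records such a low-noise detection source compared with the security logs of a busy production server.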

CompTIA Security+ Question C-63

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?

A. SaaS
B. MaaS
C. IaaS
D. PaaS

Answer: B

Explanation:
Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under the anything-as-a-service (XaaS) umbrella. With MaaS, a provider collects, analyzes and reports on monitoring data, including security logs, for services and applications on the customer's behalf, which is exactly the outsourced but regularly reviewed log analysis the CISO requires. SaaS, PaaS and IaaS deliver applications, development platforms or infrastructure rather than a monitoring service.

CompTIA Network+ Question C-34

After a recent breach, the security technician decides the company needs to analyze and aggregate its security logs. Which of the following systems should be used?

A. Event log
B. Syslog
C. SIEM
D. SNMP

Correct Answer: C

Explanation:
Using a Security Information and Event Management (SIEM) product, the security logs can be aggregated and analyzed in one place.
SIEM is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and is also used to store security data and generate reports for compliance purposes.
SIEM capabilities include data aggregation: log management collects data from many sources (network devices, security appliances, servers, databases and applications) and normalizes it into a common format, so monitored data can be consolidated, correlated across sources and searched without missing crucial events. Event logs, syslog and SNMP are only sources or transports for that data, not the system that analyzes it.
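
To show what "aggregate and analyze" means in practice, the following is an added example (not part of the original page or of any SIEM product) of the core of such a pipeline in Python: two differently formatted log sources, a BSD-syslog sshd log and a key=value firewall log, are parsed into one common event schema, merged into a single time-ordered stream, and then correlated by source address. The sample log lines are constructed for the example, the year 2024 is an assumption because syslog timestamps carry no year, and the correlation rule (failures in two or more sources from one address, followed by a successful login) is an illustrative choice.

```python
"""Toy SIEM pipeline: normalize, aggregate, correlate (added example, not from the page)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs. The addresses are documentation ranges.
SSHD_LOG = """\
Mar 10 09:12:01 bastion sshd[2411]: Failed password for admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:12:03 bastion sshd[2411]: Failed password for admin from 203.0.113.7 port 51124 ssh2
Mar 10 09:12:09 bastion sshd[2418]: Accepted password for admin from 203.0.113.7 port 51130 ssh2
Mar 10 09:15:44 bastion sshd[2430]: Accepted publickey for jane from 198.51.100.12 port 40022 ssh2
"""
FIREWALL_LOG = """\
2024-03-10T09:11:55Z action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389 proto=tcp
2024-03-10T09:11:56Z action=deny src=203.0.113.7 dst=10.0.0.5 dport=445 proto=tcp
2024-03-10T09:20:10Z action=allow src=198.51.100.12 dst=10.0.0.9 dport=443 proto=tcp
"""

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_sshd(line, year=2024):
    """Normalize one sshd syslog line. The year is assumed: syslog omits it."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "source": "sshd", "host": m["host"], "src_ip": m["src"],
            "user": m["user"], "outcome": "failure" if m["result"] == "Failed" else "success"}


def parse_firewall(line):
    """Normalize one key=value firewall line into the same schema."""
    m = FW_RE.match(line)
    if not m:
        return None
    kv = dict(field.split("=", 1) for field in m["kv"].split())
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "source": "firewall", "host": kv.get("dst"), "src_ip": kv["src"],
            "user": None, "outcome": "failure" if kv["action"] == "deny" else "success",
            "dport": int(kv["dport"])}


def aggregate(*sources):
    """Merge (parser, text) pairs into one time-ordered list of normalized events."""
    events = []
    for parser, text in sources:
        for line in text.splitlines():
            event = parser(line)
            if event:
                events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events):
    """Flag addresses that failed against two or more sources and then logged in."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["src_ip"]].append(event)
    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["outcome"] == "failure"]
        failed_sources = {e["source"] for e in failures}
        logins = [e for e in evs if e["source"] == "sshd" and e["outcome"] == "success"
                  and any(f["ts"] < e["ts"] for f in failures)]
        if len(failed_sources) >= 2 and logins:
            findings[ip] = {"failed_sources": sorted(failed_sources),
                            "success_user": logins[0]["user"], "first_seen": evs[0]["ts"]}
    return findings


if __name__ == "__main__":
    stream = aggregate((parse_sshd, SSHD_LOG), (parse_firewall, FIREWALL_LOG))
    for finding in correlate(stream).items():
        print(finding)
```

Neither log on its own looks alarming: two failed SSH passwords is routine noise, and two firewall denies are routine scanning. Only after both are normalized into one schema and keyed by source address does the sequence (port scan, password failures, then an accepted password for admin from the same host) stand out, which is the consolidation benefit the explanation above describes.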

CompTIA Network+ Question A-66

Jane, a system administrator, is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and that they need to be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following solutions would BEST resolve this problem?

A. Increase the maximum log size
B. Log into the DNS server every hour to check if the logs are full
C. Install an event management tool
D. Delete the logs when full

Correct Answer: C