210-255 · Question #53
Refer to the exhibit. Which type of log is this an example of?
The correct answer is D. IDS log. The exhibit shows an IDS log, which is characterized by structured alert fields such as signature ID, severity level, source/destination IP, port, and the name of the triggered detection rule.
Question
Refer to the exhibit. Which type of log is this an example of?
Exhibit
Options
- Asyslog
- BNetFlow log
- Cproxy log
- DIDS log
How the community answered
(26 responses)- B4% (1)
- C8% (2)
- D88% (23)
Why each option
The exhibit shows an IDS log, which is characterized by structured alert fields such as signature ID, severity level, source/destination IP, port, and the name of the triggered detection rule.
Syslog is a general-purpose system event logging protocol that records OS or application events and does not contain IDS-specific fields like signature IDs or alert classifications.
NetFlow logs capture flow-level metadata such as source/destination IP, port, byte count, and packet count, but do not include threat signatures or alert severity ratings.
Proxy logs record web browsing activity including URLs, HTTP methods, user agents, and response codes - not threat detection alerts or signature rule data.
IDS logs are generated by intrusion detection systems such as Snort or Suricata and contain fields unique to threat detection - including signature or rule IDs, alert classifications, severity levels, and the specific threat name that triggered the alert. These distinguishing fields differentiate IDS logs from general system or network logs. The presence of a matched signature reference alongside network 5-tuple data is the hallmark of an IDS alert log entry.
Concept tested: Identifying IDS log format and distinguishing characteristics
Source: https://docs.snort.org/rules/headers
Topics
Community Discussion
No community discussion yet for this question.
