312-49 Question #472: Real Exam Question with Answer & Explanation
The correct answer is A: Analyzing log files.
Question
Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks. The source, nature, and time of the attack can be determined by _________ of the compromised system.
Options
- A. Analyzing log files
- B. Analyzing SAM file
- C. Analyzing rainbow tables
- D. Analyzing hard disk boot records
Explanation
Application and web server log files record HTTP requests, source IP addresses, timestamps, error codes, and user-agent strings. Analyzing these log files is the primary method for determining the source (attacker IP), nature (type of attack such as SQL injection or directory traversal), and time of a web-based attack on a compromised system. SAM files store credential hashes, rainbow tables are used for cracking passwords, and boot records relate to disk structure — none of these reveal web attack details the way log analysis does.