CompTIA

CAS-002 · Question #173


Question

A security administrator is conducting network forensic analysis of a recent defacement of the company's secure web payment server (HTTPS). The server was compromised around the New Year's holiday when all the company employees were off. The company's network diagram is summarized below:

- Internet
- Gateway Firewall
- IDS
- Web SSL Accelerator
- Web Server Farm
- Internal Firewall
- Company Internal Network

The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday. Which of the following is true?

Options

  • A. The security administrator should review the IDS logs to determine the source of the attack
  • B. The security administrator must correlate the external firewall logs with the intrusion
  • C. The security administrator must reconfigure the network and place the IDS between the SSL
  • D. The security administrator must correlate logs from all the devices in the network diagram to
