CISSP · Question #912
Which of the following MUST be in place to recognize a system attack?
The correct answer is C. Log analysis. Log analysis is crucial for recognizing a system attack. By monitoring and analyzing logs from various sources such as firewalls, intrusion detection systems (IDS), servers, and applications, security teams can detect patterns or anomalies that indicate a potential attack. Logs o
Question
Which of the following MUST be in place to recognize a system attack?
Options
- AStateful firewall
- BDistributed antivirus
- CLog analysis
- DPassive honeypot
How the community answered
(32 responses)- A3% (1)
- B6% (2)
- C88% (28)
- D3% (1)
Explanation
Log analysis is crucial for recognizing a system attack. By monitoring and analyzing logs from various sources such as firewalls, intrusion detection systems (IDS), servers, and applications, security teams can detect patterns or anomalies that indicate a potential attack. Logs often provide detailed information about system behavior, user actions, and network activity that can help identify malicious behavior in real-time or during post-incident analysis. Key points about log analysis: It helps detect unusual activities such as failed login attempts, privilege escalations, or unexpected network traffic, which may indicate an attack. It is an essential part of a security information and event management (SIEM) system that helps organizations centralize and correlate logs for faster attack detection.
Topics
Community Discussion
No community discussion yet for this question.