nerdexam
EC-Council

EC0-350 · Question #433

EC0-350 Question #433: Real Exam Question with Answer & Explanation

The correct answer is D. Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.. See the full explanation below for the reasoning.

Question

A company has hired a security administrator to maintain and administer Linux and Windows- based systems. Written in the nightly report file is the following. Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again. Which of the following actions should the security administrator take?

Options

  • ALog the event as suspicious activity and report this behavior to the incident response team immediately.
  • BLog the event as suspicious activity, call a manager, and report this as soon as possible.
  • CRun an anti-virus scan because it is likely the system is infected by malware.
  • DLog the event as suspicious activity, continue to investigate, and act according to the site's security policy.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full EC0-350 Practice