GIAC
GCIH · Question #349
GCIH Question #349: Real Exam Question with Answer & Explanation
The correct answer is A: Traffic logs from the border routers serving the web server farm.
Incident Response & Cyber Kill Chain
Question
Your company's web server administrator reports that the Apache servers are running slowly, but the IIS servers are not. Based on this report, which of the following pieces of information will help you determine whether the event should be classified as an incident?
Options
- A. Traffic logs from the border routers serving the web server farm
- B. The Apache versions from the affected web servers
- C. The output of the netstat command from an IIS server
- D. The httpd configuration files from the Apache servers
Explanation
Firewall or router logs from the perimeter can help to identify unusual traffic destined for the affected web servers. Analyzing the processes running on unaffected servers will not help. Checking the versions and configuration of the Apache servers can verify if an identified problem is a misconfiguration.
Topics
#incident classification #web server attack #traffic logs #event correlation