GCIH · Question #752
Which of the following logs could be queried to identify Azure, Amazon and Google storage use in an organization?
The correct answer is D. HTTP Proxy. HTTP proxy logs capture outbound web requests, making them the best source for identifying access to cloud storage services across all providers.
Question
Which of the following logs could be queried to identify Azure, Amazon and Google storage use in an organization?
Options
- ADNS
- BAuthentication
- CWeb Server
- DHTTP Proxy
How the community answered
(41 responses)- A2% (1)
- B5% (2)
- C7% (3)
- D85% (35)
Why each option
HTTP proxy logs capture outbound web requests, making them the best source for identifying access to cloud storage services across all providers.
DNS logs record domain resolution requests but do not capture the full request context or confirm that cloud storage services were actually accessed and used.
Authentication logs track login and token events tied to identity providers, not outbound data transfer to cloud storage endpoints.
Web server logs are server-side records of incoming requests to a hosted service, not client-side outbound traffic destined for external cloud storage.
HTTP proxy logs record all outbound HTTP/HTTPS requests from endpoints, including requests to cloud storage URLs such as s3.amazonaws.com, blob.core.windows.net, and storage.googleapis.com. This gives security teams URL-level visibility into cloud storage usage regardless of provider. DNS and authentication logs lack the specificity needed to distinguish cloud storage access from general web traffic.
Concept tested: HTTP proxy log analysis for cloud storage detection
Source: https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad
Topics
Community Discussion
No community discussion yet for this question.