SY0-501 · Question #323
SY0-501 Question #323: Real Exam Question with Answer & Explanation
Sign in or unlock SY0-501 to reveal the answer and full explanation for question #323. The question stem and answer options stay visible for context.
Question
An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files?
Options
- AEnable verbose system logging
- BChange the permissions on the user's home directory
- CImplement remote syslog
- DSet the bash_history log file to "read only"
Unlock SY0-501 to see the answer
You've previewed enough free SY0-501 questions. Unlock SY0-501 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.