Knowee
Questions
Features
Study Tools

If you are investigating a breach where an attacker gained shell access to a server, which logs are most likely to contain relevant evidence?Group of answer choicesNginx logsSquid logsauth logs

Question

If you are investigating a breach where an attacker gained shell access to a server, which logs are most likely to contain relevant evidence?Group of answer choicesNginx logsSquid logsauth logs

🧐 Not the exact question you are looking for?Go ask a question

Solution

If you are investigating a breach where an attacker gained shell access to a server, the logs that are most likely to contain relevant evidence are auth logs.

Here's why:

  1. Nginx logs: Nginx is a web server, and its logs primarily contain information about HTTP requests and responses. While these logs can be useful in an investigation, they are not likely to contain information about shell access.

  2. Squid logs: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid logs would contain information about web traffic, not shell access.

  3. Auth logs: These logs contain information about authentication mechanisms on your server. If an attacker gained shell access to your server, it's likely that they had to authenticate in some way, and this would be logged in the auth logs. Therefore, auth logs are the most likely to contain relevant evidence in this case.

This problem has been solved

Similar Questions

1.Question 1What is the primary purpose of logs during incident investigation?1 pointTo improve user experienceTo manage alert volumesTo provide a record of event detailsTo identify and diagnose system issues2.Question 2A security analyst wants to determine whether a suspicious login was successful. Which log type would be most useful for this purpose?1 pointAuthenticationNetworkSystem Firewall3.Question 3In the following log, what action does the log entry record?[ALLOW: wikipedia.org] Source: 192.167.1.1 Friday, 10 June 2022 11:36:121 point192.167.1.1SourceALLOWFriday, 10 June 2022 11:36:124.Question 4Fill in the blank: _____ is the process of examining logs to identify events of interest. 1 pointLog analysisLoggingLog forwarderLog file

Which of the following types of information can an attacker capture using a sniffing tool?Usernames and passwordsOperating system logsBrowser historyFirewall rules

Which of the following statements correctly describe logs? Select two answers.1 pointLogs help identify vulnerabilities and potential security breaches. Security professionals use logs to query databases.A business might log errors that occurred as a result of high network traffic.A log is used as a formal guide to incident response.

If you wanted to monitor the activities of a web proxy server, including details about client requests and server responses, which logs would be most relevant?Group of answer choicesLinux auth logsSquid logsNginx logs

Question 1Which of the following statements correctly describe logs? Select three answers.1 pointConnections between devices and services on a network are recorded in a firewall log.Outbound requests to the internet from within a network are recorded in a firewall log.Actions such as login requests are recorded in a server log.Security teams monitor logs to identify vulnerabilities and potential data breaches.

1/2

Upgrade your grade with Knowee

Get personalized homework help. Review tough concepts in more detail, or go deeper into your topic by exploring other relevant questions.