
Exam SY0-601 topic 1 question 714 discussion

Actual exam question from CompTIA's SY0-601
Question #: 714
Topic #: 1

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

  • A. Memory dumps
  • B. The syslog server
  • C. The application logs
  • D. The log retention policy
Suggested Answer: B

Comments

predsednik
Highly Voted 1 year, 8 months ago
Selected Answer: B
B. The syslog server. It is good security practice for organizations to have a syslog server configured, with logs from all systems forwarded to and stored on it, just for cases like the one mentioned in the question, where an attacker could get access to the host and delete all logs from it to cover their tracks.
upvoted 9 times
shady23
Most Recent 1 year, 1 month ago
Selected Answer: B
B. The syslog server
upvoted 1 times
Geronemo
1 year, 2 months ago
Selected Answer: B
Syslog is a standard protocol used to send log messages across an IP network. By configuring the syslog server to receive log messages from various systems and applications within the company's infrastructure, the administrator ensures that copies of the log messages are stored centrally and independently from the systems generating them. Even if the privileged user deleted log files from individual servers, the logs may still exist on the syslog server. This provides investigators with an additional source of information for reviewing activities, including the unauthorized access and document theft.
upvoted 2 times
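As an added illustration of how the central copy supports an investigation (constructed example code, not from the question, the commenters or any product): it parses RFC 3164-style lines, then reconciles the collector's copy with what is left on the host to list the entries that were deleted locally and the time window they cover. Host names, user names, paths and log lines are all made up.

```python
import re
from collections import Counter

# BSD-style (RFC 3164) line as a collector stores it: "<PRI>Mmm dd hh:mm:ss host tag: message".
# The <PRI> prefix is optional so the same parser also reads the host's own copy on disk.
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)

def parse_syslog(text):
    """Return one (timestamp, host, tag, message) tuple per parsable line."""
    matches = (SYSLOG_RE.match(line.strip()) for line in text.splitlines())
    return [(m["ts"], m["host"], m["tag"].strip(), m["msg"]) for m in matches if m]

def reconcile(central_text, local_text, host):
    """Compare the collector's copy of one host's log with the copy left on that host.
    only_central: entries the collector has but the host no longer does (deleted locally).
    only_local: entries the host has but the collector never received (e.g. UDP loss), so
    the central copy is not automatically complete either. window: span of only_central.
    Tuples sort by the timestamp string, which is correct within one day of sample data."""
    central = Counter(e for e in parse_syslog(central_text) if e[1] == host)
    local = Counter(e for e in parse_syslog(local_text) if e[1] == host)
    only_central = sorted((central - local).elements())  # multiset difference keeps duplicates
    only_local = sorted((local - central).elements())
    window = (only_central[0][0], only_central[-1][0]) if only_central else None
    return {"only_central": only_central, "only_local": only_local, "window": window}

# Constructed sample data (hosts, users and paths are made up), not taken from any real system.
CENTRAL_LOG = """\
<86>Mar 14 09:12:01 fileserver01 sshd[2210]: Accepted publickey for padmin from 10.0.5.20 port 51234 ssh2
<85>Mar 14 09:13:47 fileserver01 sudo: padmin : TTY=pts/0 ; PWD=/srv/docs ; USER=root ; COMMAND=/bin/cp -r /srv/docs/contracts /tmp/staging
<85>Mar 14 09:14:02 fileserver01 sudo: padmin : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/bin/tar czf /tmp/staging.tgz /tmp/staging
<86>Mar 14 09:16:10 fileserver01 sshd[2210]: pam_unix(sshd:session): session closed for user padmin
<86>Mar 14 09:12:05 workstation07 sshd[801]: Accepted password for bob from 10.0.7.3 port 40112 ssh2
"""
# What investigators found still on fileserver01 after the user cleaned it (no <PRI> on disk).
LOCAL_LOG = """\
Mar 14 09:12:01 fileserver01 sshd[2210]: Accepted publickey for padmin from 10.0.5.20 port 51234 ssh2
Mar 14 09:12:03 fileserver01 cron[1500]: (root) CMD (run-parts /etc/cron.hourly)
Mar 14 09:16:10 fileserver01 sshd[2210]: pam_unix(sshd:session): session closed for user padmin
"""

if __name__ == "__main__":
    report = reconcile(CENTRAL_LOG, LOCAL_LOG, "fileserver01")
    print("deleted on host, window:", report["window"])
    for ts, _, tag, msg in report["only_central"]:
        print(f"  {ts} {tag}: {msg}")
    print("on host only (collector never received):", len(report["only_local"]))
```

The only_local bucket is the practical caveat: with plain UDP forwarding the collector can miss lines too, so the central copy is evidence of what was removed on the host, not a guaranteed complete record on its own.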
Peshokp
1 year, 7 months ago
Selected Answer: B
A syslog server is a central repository for log messages generated by various devices and applications on a network. It is a valuable tool; it can provide a comprehensive record of network activity. The log retention policy is just a policy; it cannot be configured by the administrator.
upvoted 4 times
DashRyde
1 year, 8 months ago
Selected Answer: D
Since the attacker deleted all logs, the only answer I can think of is the log retention policy. Correct me if I am wrong.
upvoted 1 times
Jackwasblk
1 year, 7 months ago
You can't configure a policy, but you can configure a server...
upvoted 4 times
DashRyde
1 year, 8 months ago
Changed my mind: the syslog server seems to be what was configured, since it's the best practice and it preserves logs from malicious manipulation.
upvoted 6 times