An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?
I choose A because an analyst has determined a server was not patched; it means a vulnerability, and it is internal. If a system was attacked, it will have been recorded in the security log.
If you haven't been attacked, how can the security log have such a thing? For just a vulnerability in an internal system, you should use a vulnerability scan.
A --- To best ascertain how the incident could have been prevented, the analyst should review the vulnerability scan. The fact that the server was not patched indicates that there was a vulnerability that was not addressed, which allowed the external actor to exfiltrate data. Reviewing the vulnerability scan will help identify the specific vulnerability that was exploited and determine why it was not patched. The security logs may provide additional information about the attack itself, but they are unlikely to reveal the underlying vulnerability that allowed the attack to occur.
The question indicates which of the following the security administrator will "REVIEW" (meaning the breach has already occurred) to determine how the attack occurred. Review the security logs as everything that happens inside the system is logged and it will be a productive point to determine what happened.
A vulnerability scan report is another important source when determining how an attack might have been made. The scan engine might log or alert when a scan report contains vulnerabilities. The report can be analyzed to identify vulnerabilities that have not been patched or configuration weaknesses that have not been remediated. These can be correlated to recently developed exploits.
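The correlation described in the comment above, as an added example that is not part of the original thread: a small script that joins an unpatched finding from a scan export with connection-log events in which an external client pulled a large volume of data from that same host and port (here port 139, as in the question). The CSV layout, the log field order, the internal address ranges and the byte threshold are all assumptions, and the scan export and log lines are constructed sample data, not output of any real scanner or firewall.

```python
import csv
import io
import ipaddress

# Constructed sample vulnerability-scan export (assumed CSV layout, not a real scanner's).
SCAN_CSV = """host,port,finding,patched
10.0.0.5,139,SMB service unpatched (missing vendor update),no
10.0.0.5,443,TLS 1.0 still enabled,yes
10.0.0.9,139,SMB service unpatched (missing vendor update),yes
"""

# Constructed connection log: time, client, server, server_port, bytes the server sent.
CONN_LOG = """2024-01-10T02:14:05Z 203.0.113.7 10.0.0.5 139 734003200
2024-01-10T02:15:10Z 10.0.0.30 10.0.0.9 139 4096
2024-01-10T02:16:00Z 198.51.100.4 10.0.0.5 443 2048
"""

# Assumed internal address space; anything outside it is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def unpatched_findings(scan_csv):
    """Map (host, port) -> finding text for scan rows still marked as unpatched."""
    rows = csv.DictReader(io.StringIO(scan_csv))
    return {(r["host"], int(r["port"])): r["finding"]
            for r in rows if r["patched"].strip().lower() == "no"}

def is_external(ip):
    """True when the address is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def correlate(scan_csv, conn_log, min_bytes=100_000_000):
    """Return log events where an external client received at least min_bytes
    from a host/port that the scan reported as unpatched."""
    findings = unpatched_findings(scan_csv)
    hits = []
    for line in conn_log.strip().splitlines():
        ts, client, server, port, sent = line.split()
        port, sent = int(port), int(sent)
        if (server, port) in findings and is_external(client) and sent >= min_bytes:
            hits.append({"time": ts, "server": server, "port": port, "client": client,
                         "bytes": sent, "finding": findings[(server, port)]})
    return hits

if __name__ == "__main__":
    for hit in correlate(SCAN_CSV, CONN_LOG):
        print(hit)
```

Only the 10.0.0.5:139 transfer is reported: 10.0.0.9 had the same finding but was already patched, and the 443 transfer is small and on a patched port.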
They didn't ask about preventing the attack; the question rightly points out which of the following the analyst would "REVIEW" (meaning the breach has already occurred) in order to determine how the attack occurred. The provided answer is correct. Review security logs, since everything that occurs within the system is logged and that would be a fertile spot to determine what happened.
Which security logs is not mentioned, though all of them will be security logs anyhow.