Exam SY0-601 topic 1 question 396 discussion

We would not have access to the web server logs of someone on the internet. Only DNS would show where he visited.

DNS logs could also be useful in determining the origin of malware in some cases. DNS logs can provide information about the domain names that the infected host attempted to resolve or communicate with. By analyzing the DNS logs, the incident response team can identify any suspicious or malicious domain names that the infected host may have interacted with.

DNS log files record DNS queries, such as each request to resolve a hostname to an IP address. These log entries would include the system that sent the request and the IP address returned for the hostname. These log entries can be useful in identifying potentially malicious websites. As an example, imagine Bart spends a few hours browsing the Internet using his company computer. One of the websites downloaded malware onto his system, but he doesn’t know which one and can’t remember all of the sites he visited. By searching the DNS log files, administrators can identify all of the sites he visited based on his DNS queries.

Of course, A it's not possible to search on the web server logs as it's on internet

The best answer is B. The web server logs If Joe did not receive emails with links but had been browsing the internet, the malware may have been delivered through a web-based attack. Checking the web server logs can help identify suspicious or malicious activity originating from websites or web servers Joe visited, which can provide insights into the source of the malware infection. DNS logs primarily track domain resolution, SIP traffic logs are related to VoIP communication, and SNMP logs are related to network management and monitoring and may not directly show the source of web-based malware infections. DNS logs will not provide the granular level of information as the web server logs.

DNS server logs provide rich information about what sites users visit, and they show whether any malicious applications reach out to command-and-control sites.

DNS server logs provide rich information about what sites users visit, and they show whether any malicious applications reach out to command-and-control sites.

The web server logs would be the most likely to show where the malware originated. They can help identify any suspicious URLs that were accessed by the host and determine whether they are associated with malware12. DNS logs would show the DNS resolution requests made by the host, SIP traffic logs would show traffic related to VoIP calls, and SNMP logs would show network device statistics and performance metrics1.

A. The DNS logs Why is DNS Monitoring Important? An effective system of DNS monitoring is critical to the reliability of your website, as well as the security and trust of your users. Because the DNS is a popular target for hackers, it's important to keep a close eye for any malicious attacks on your domains and services.

Web Server Logs ChatGPT says:In the scenario given, the user reported that they did not receive any emails with links, but they had been browsing the internet all day. This suggests that the malware may have been downloaded or delivered through a web-based attack, rather than through email. DNS logs are useful for tracking network traffic, but they do not provide information on what specifically happened on the web server. On the other hand, web server logs can provide more detailed information about web-based activity, such as which websites were visited, which files were downloaded, and which IPs accessed the server. Therefore, in this scenario, the web server logs would be more useful for identifying the source of the malware. By analyzing the logs, the incident response team can potentially identify which websites or web-based applications the user interacted with, which may have been compromised and delivered the malware.

DNS logs

A. The DNS logs

A is better than B

A. The DNS Logs