ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50 All Questions

View all questions & answers for the 312-50 exam
Go to Exam

Exam 312-50 topic 3 question 48 discussion

Actual exam question from ECCouncil's 312-50
Question #: 48
Topic #: 3
[All 312-50 Questions]

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:
Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.
Which of the following actions should the security administrator take?

  • A. Log the event as suspicious activity and report this behavior to the incident response team immediately.
  • B. Log the event as suspicious activity, call a manager, and report this as soon as possible.
  • C. Run an anti-virus scan because it is likely the system is infected by malware.
  • D. Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by AlbertDenmark at May 12, 2023, 8:29 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AlbertDenmark
6 months, 4 weeks ago
Strange questions. Depends totally on the organization's structure. Not every organization has such a security policy - only perhaps in Utopia.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel