During an investigation of a cloud-based webmail login using compromised credentials, a security analyst needs to review information about the source IP for the login. Which of the following logs should the analyst retrieve?
A security analyst needs to review information about the source IP for the login, so the analyst should retrieve Network logs.
Network logs capture data about the traffic and connections made over the network, including source and destination IP addresses, which are crucial for identifying where the login attempts originate. These logs provide insights into unauthorized access and potential threats stemming from compromised credentials.
Network logs are essential for tracking and analyzing all incoming and outgoing traffic on a network. They contain records of source and destination IP addresses, which are vital for understanding the context of a login attempt, especially when compromised credentials are involved. This makes them the most relevant logs for the analyst's investigation.
Application logs document events and transactions occurring within a specific application, such as the webmail service in question. While they may include details about the login attempts, they typically do not provide direct information about the source IP address, which is crucial for identifying where the login made with the compromised credentials originated.
System logs provide information about the operating system's events, including system errors and status messages. Although they can offer some insights into system health and performance, they do not specifically track network activity or provide source IP information relevant to login attempts.
Firewall logs record traffic that is allowed or denied by the firewall rules in place. While they might indicate actions taken on specific traffic, they do not provide comprehensive details about all login attempts, particularly the source IP of the login made with the compromised credentials.
In the context of investigating a cloud-based webmail login using compromised credentials, Network logs are the most appropriate resource for a security analyst. They provide essential details about the source IP, enabling effective identification and analysis of potential security breaches. Other types of logs, while informative, do not offer the specific insights needed for this particular investigation.