PrepAway - Latest Free Exam Questions & Answers

Which of the following will help detect changes made by an intruder to the system log of a server?

A. Mirroring the system log on another server

B. Simultaneously duplicating the system log on a write-once disk

C. Write-protecting the directory containing the system log

D. Storing the backup of the system log offsite

Explanation:

A write-once CD cannot be overwritten. Therefore, the system log duplicated on the disk could be compared to the original log to detect differences, which could be the result of changes made by an intruder. Write-protecting the system log does not prevent deletion or modification, since the superuser can override the write protection. Backup and mirroring may overwrite earlier files and may not be current.
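The comparison the explanation describes, as an added example that is not part of the original page: a Python script that diffs the live system log against the copy read back from the write-once disk and reports entries that were altered, deleted or inserted. The function name `detect_log_tampering` and all log lines are constructed for illustration.

```python
import difflib

def detect_log_tampering(trusted, live):
    """Compare the write-once copy (trusted) with the live system log.

    Both arguments are lists of log lines. Returns one finding per
    region where the live log no longer matches the write-once copy.
    """
    kinds = {"replace": "altered", "delete": "deleted", "insert": "inserted"}
    findings = []
    matcher = difflib.SequenceMatcher(None, trusted, live, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        findings.append({
            "kind": kinds[tag],
            "trusted_line": i1 + 1,    # 1-based position in the write-once copy
            "trusted": trusted[i1:i2], # what the write-once copy recorded
            "live": live[j1:j2],       # what the server's log says now
        })
    return findings

# Constructed sample: the copy duplicated to the write-once disk.
TRUSTED = [
    "Jan 10 02:11:01 srv1 sshd[811]: Failed password for root from 203.0.113.7",
    "Jan 10 02:11:09 srv1 sshd[811]: Accepted password for root from 203.0.113.7",
    "Jan 10 02:12:00 srv1 systemd[1]: Started Session 41 of user root.",
    "Jan 10 02:12:30 srv1 sudo: root : COMMAND=/usr/sbin/useradd svc2",
    "Jan 10 02:15:00 srv1 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Constructed sample: the live log after modification on the server.
LIVE = [
    TRUSTED[0],
    "Jan 10 02:11:09 srv1 sshd[811]: Accepted password for root from 192.0.2.10",
    TRUSTED[2],
    # the useradd entry has been removed from the live log
    TRUSTED[4],
    "Jan 10 02:16:00 srv1 sshd[811]: session closed for user backup",
]

if __name__ == "__main__":
    for f in detect_log_tampering(TRUSTED, LIVE):
        print(f["kind"], "at write-once line", f["trusted_line"])
        for line in f["trusted"]:
            print("  write-once:", line)
        for line in f["live"]:
            print("  live:      ", line)
```
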

