PrepAway - Latest Free Exam Questions & Answers

Which of the following will help detect changes made by an intruder to the system log of a server?

A. Mirroring the system log on another server

B. Simultaneously duplicating the system log on a write-once disk

C. Write-protecting the directory containing the system log

D. Storing the backup of the system log offsite

Explanation:

A write-once CD cannot be overwritten. Therefore, the system log duplicated on the disk could be
compared to the original log to detect differences, which could be the result of changes made by
an intruder. Write-protecting the system log does not prevent deletion or modification, since the
superuser can override the write protection. Backup and mirroring may overwrite earlier files and
may not be current.

