You run a website in an IaaS environment. You wake up to discover that your website has been defaced. Assume you are running a web server and an FTP server in this environment and that both an application proxy and a firewall sit between those servers and the Internet. All of your VMs are running SSH servers. What logs might help you determine how the website was defaced? What kind of information
would you look for?
What will be an ideal response?
Some
possible
logs
to
look
at
and
the
SSH
connection
logs,
FTP
logs,
application
proxy
logs,
firewall
logs,
and
server
security
event
logs.
Look
for
logins,
connections
from
unknown
IP
addresses,
file
uploads,
and
changes
to
files.
You might also like to view...
Once you ____________________ a layer, you can rename it, remove or modify objects on it, and/or add new objects to it.
Fill in the blank(s) with the appropriate word(s).
A new remote location is being planned, and the plans include the deployment of a SIEM server with distributed sensors. Which of the following is NOT a benefit that can be derived from this system?
A. improved performance B. secured log information C. audit log reduction D. event correlation
What are the four parts to every function?
A. An equal sign, the function name, a set of parentheses, and variables B. An equal sign, the function name, a set of brackets, and arguments C. An equal sign, the function name, a set of parentheses, and arguments D. A plus sign, the function name, a set of parentheses, and arguments
The maximum amount of time that a system resourceĀ can remain unavailable before there is an unacceptable impact on other system resources andĀ supported business processes is known as __________.
A. maximum tolerable downtime (MTD) B. recovery point objective (RPO) C. work recovery time (WRT) D. recovery time objective (RTO)