Question: 47) An SOC shift supervisor is looking through the admin access logs for the core Layer 3 switches and border gateway firewalls. The supervisor notices

47) An SOC shift supervisor is looking through the admin access logs for the core Layer 3 switches and border gateway firewalls. The supervisor notices there were no administrative access entries for the previous day, but knows IOS upgrades were scheduled on the switches and firewalls according the change control board notifications from the last shift logs. A quick review of the syslog server shows all the files from the previous two hours have the same timestamp, the same for the two-hour period before that, and so on Which of the following is the MOST likely cause? A) A hacker has compromised the network and is in the process of systematically erasing evidence B) The two-hour timestamp consistency is the result of a script running every two hours, C) The upgrades and updates were pushed to a future date. The two-hour timestamp consistency D) The two-hour timestamp consistency is the result of an APT that regularly rewrites the log files of all activity by running an "admin scrape' script every two hours compressing and archiving log files before aggregating them to the admin access logs. is the result of a script running every two hours that makes all log files read-only to disguise its presence

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Analyze Sands Hotel and Casino Case based on Accounting Information Systems Case 3-1: Controls at the Sands H otel and Casino 105 CASE 3-1: CONTROLS AT THE SANDS HOTEL AND CASINO This case...

Example of organogram for textile industry is given. I need organogram & employee list for 'Tannery' industrial village Organogram An organizational chart/organogram is a diagram that shows the...

For this assessment, you will work in your teams. These teams will "emulate" 3-days of shift rotations in the SOC. Break into your "teams" Nominate a "shift supervisor" for these shifts: Day Shift -...

CHAPTER 3 Describing Data: Numerical Basic and Applied Questions QUESTIONS 119 AND 120 ARE BASED ON THE FOLLOWING INFORMATION: The police lieutenant in charge of the traffic division has reviewed the...

Management must understand what needs to change. A culture of performance excellence is very different from a traditional management culture. Many traditional practices stem from the fundamental...

What arguments can be presented from the union side are to be presented in front of the arbitrator. Upper Grand District School Board v. Canadian Union of Public Employees, Local 256 (Kelly...

Please provide the answer for the following questions. The questions need good details. Mini Case Number 2 Due in the beginning of March 16th class FIRE ME WHY DON'T YOU? Please read the attached...

the programming Challenge 3, TeamLeader class, Page# 981. Hire_date member variable must be of Date type. Add Date class in your project. This class should at least contain: (a) three member...

Which one of the following transactions is an investing activity? Sale of equipment at book value S ale of merchandise on credit Declaration of cash dividend issuance of bonds payable at a discount

If cot 0 = 8, find the value of cot 0+ cot (0 + T)+ cot (0+ 2n). cot 0+ cot (0 + T) + cot (0+ 2t) = (Simplify your answer.)

true ot false ....9. As the donated shares are sold, the proceeds are credited to a paid-in capital account, donated capital, which is shown in the income statement. _____ 10. A Corporation may also...

Create a project using the usual naming convention and add a class with a main. Do all the following in the class with main. Remember to make methods in the class with main static. Part A Add a...