Question 705 - N10-008 discussion


An organization has a security staff shortage and must prioritize efforts in areas where the staff will have the most impact. In particular, the focus is to avoid expending resources on identifying non-relevant events. A security analyst is reviewing web server logs and sees the following:

Which of the following should the analyst recommend?

A. Configuring the web server log to filter out 404 errors on image files
B. Updating firewall rules to block 202.180.155.1
C. Resyncing the network time server and monitoring logs for future anomalous behavior
D. Checking with the penetration testing team to see if the team ran any scans on January 14, 2021
Suggested answer: A

Explanation:

This answer will help the organization to avoid expending resources on identifying non-relevant events, as the 404 errors on image files are not indicative of any security threat or issue, but rather a misconfiguration or a broken link on the web server. The 404 errors on image files are also very frequent and repetitive, as shown by the web server log, which can clutter the log and make it harder to spot any relevant events. By filtering out these errors, the analyst can focus on more important events and reduce the noise in the log.

The other answers are not as good as A, because they either do not address the problem of identifying non-relevant events, or they are based on incorrect assumptions or information. For example:

B) Updating firewall rules to block 202.180.155.1 is not a good answer, because the IP address 202.180.155.1 is not doing anything malicious or suspicious, but rather requesting image files that do not exist on the web server. Blocking this IP address will not improve the security of the web server, but rather create unnecessary firewall rules and possibly deny legitimate access to the web server.

C) Resyncing the network time server and monitoring logs for future anomalous behavior is not a good answer, because there is no evidence that the network time server is out of sync or causing any problems. The web server log shows that the entries are all within a few minutes of each other, which is normal and expected. Resyncing the network time server will not help the analyst to identify non-relevant events, but rather waste time and resources on an unrelated task.

D) Checking with the penetration testing team to see if the team ran any scans on January 14, 2021 is not a good answer, because the web server log does not show any signs of a penetration test or scan. The log shows only 404 errors on image files, which is not typical of a penetration test or scan; those would usually target different types of files, ports, or vulnerabilities. Checking with the penetration testing team would not help the analyst identify non-relevant events, but would distract the analyst from the actual events and possibly create false alarms.
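The filtering rule behind answer A, as an added example (not code from the page, ExamGecko, or the exam vendor): it parses web server log lines in Apache common log format, drops only 404 responses for static image files, and leaves every other event for review. The log lines are constructed; the 202.180.155.1 address comes from the question, and 203.0.113.7 is a documentation address.

```python
import re
from collections import Counter

# Constructed sample in Apache common log format; the first address is the
# one named in the question, the requests and timestamps are made up.
SAMPLE_LOG = """\
202.180.155.1 - - [14/Jan/2021:10:02:11 +0000] "GET /img/logo.png HTTP/1.1" 404 209
202.180.155.1 - - [14/Jan/2021:10:02:12 +0000] "GET /img/banner.jpg HTTP/1.1" 404 209
202.180.155.1 - - [14/Jan/2021:10:02:13 +0000] "GET /img/icon.gif HTTP/1.1" 404 209
203.0.113.7 - - [14/Jan/2021:10:03:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [14/Jan/2021:10:03:05 +0000] "GET /admin/config.php HTTP/1.1" 404 209
203.0.113.7 - - [14/Jan/2021:10:03:06 +0000] "POST /login HTTP/1.1" 401 88
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg", ".webp")

def parse_log(text):
    """Parse common-log-format lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["status"] = int(ev["status"])
            events.append(ev)
    return events

def is_image_404(ev):
    """The noise rule from option A: a 404 for a static image asset (query string ignored)."""
    path = ev["path"].split("?", 1)[0].lower()
    return ev["status"] == 404 and path.endswith(IMAGE_EXT)

def filter_noise(events):
    """Drop image 404s only; a 404 on a script or a 401 on a login stays visible."""
    return [ev for ev in events if not is_image_404(ev)]

def remaining_by_ip(events):
    """Count the events left after filtering, per source address."""
    return Counter(ev["ip"] for ev in filter_noise(events))

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(f"{len(evs)} events, {len(filter_noise(evs))} after dropping image 404s")
```

The rule is deliberately narrow: it suppresses the repetitive image 404s the question describes while the remaining entries, a 404 on a server-side script and a failed login, still reach the analyst.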

https://www.professormesser.com/network-plus/n10-008/n10-008-video/general-network-troubleshooting-n10-008/

asked 02/10/2024
marwan albahar