Which of the following actions should the security administrator take?

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:

Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

A. Log the event as suspicious activity and report this behavior to the incident response team immediately.

B. Log the event as suspicious activity, call a manager, and report this as soon as possible.

C. Run an anti-virus scan because it is likely the system is infected by malware.

D. Log the event as suspicious activity, continue to investigate, and act according to the site’s security policy.





sergio

The correct answer is A: Log the event as suspicious activity and report this behavior to the incident response team immediately.

Farce

Wrong, it's D

MArcelino

And what if there is no CSIRT? ... Answer is D