CertNexus Certified Cyber Secure Coder (CSC) — Question 67
A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)
Answer options
- A. NetFlow logs
- B. Web server logs
- C. Domain controller logs
- D. Proxy logs
- E. FTP logs
Correct answer: B, C
Explanation
The correct answers are B and C. Web server logs give direct insight into web server activity and help identify unusual behavior that indicates a compromise. Domain controller logs help in understanding user interactions and access patterns that could signal an attack on the web server. The other options do not specifically target web server activity.