CompTIA CySA+ (CS0-003) — Question 360

A company suspects a coordinated effort to attack their platform. Web server logs show malicious activity from many different source IP addresses located in different countries. Which of the following will best help a security analyst identify the requests connected to this campaign?

Answer options

• A. Modify the web server logs to include the X-Forwarded-For header.
• B. Create a custom SIEM query to integrate threat intel IoCs associated with the threat actor.
• C. Enrich the web server request logs with full WHOIS data on all available sources.
• D. Add GeoIP location for the source IP addresses to the log entries.

Correct answer: A

Explanation

The correct answer is A because adding the X-Forwarded-For header allows the web server to capture the original client IP address, which can help in identifying the true source of the malicious requests. Option B, while useful for threat detection, does not directly link the requests to the attack campaign. Option C provides additional information but does not effectively link the activity to the attack. Option D, while beneficial for geographic analysis, does not address the identification of the original request sources.