Certified SOC Analyst (CSA) — Question 34

Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5 – 11008: User 'enable_15' executed the 'configure term' command
What does the security level in the above log indicates?

Answer options

• A. Warning condition message
• B. Critical condition message
• C. Normal but significant message
• D. Informational message

Correct answer: C

Explanation

The security level of -5 in the log indicates a normal but significant message, which is meant to highlight noteworthy events without being critical. Options A and B suggest more severe conditions that do not apply here, while option D refers to informational messages that have less significance.