Certified SOC Analyst (CSA) — Question 40
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph identifying the locations the Tor traffic is coming from.
Which of the following data sources will he use to prepare the dashboard?
Answer options
- A. DHCP logs capable of maintaining IP addresses or hostnames with IP-to-name resolution.
- B. IIS/Web Server logs with IP addresses and user agents with IP-to-user-agent resolution.
- C. DNS/Web Server logs with IP addresses.
- D. Apache/Web Server logs with IP addresses and hostnames.
Correct answer: D
Explanation
The correct answer is D because Apache/Web Server logs provide detailed information about incoming requests, including IP addresses and hostnames, which are essential for tracing the source of Tor traffic. The other options either lack hostname information or do not focus on web traffic, making them less suitable for identifying Tor traffic origins.