Certified SOC Analyst (CSA) — Question 48

Which of the following data sources can be used to detect traffic associated with Bad Bot User-Agents?

Answer options

Correct answer: B

Explanation

Web Server Logs are the best choice for detecting traffic associated with Bad Bot User-Agents because they contain detailed information about requests made to the server, including User-Agent strings. The other options, such as Windows Event Log, Router Logs, and Switch Logs, do not provide the necessary detail regarding HTTP requests to identify bot activity effectively.