Certified Secure Software Lifecycle Professional (CSSLP) — Question 9

You work as a Security Manager for Tech Perfect Inc. In the organization, Syslog is used for computer system management and security auditing, as well as for generalized informational, analysis, and debugging messages. You want to prevent a denial of service (DoS) for the Syslog server and the loss of Syslog messages from other sources. What will you do to accomplish the task?

Answer options

• A. Use a different message format other than Syslog in order to accept data.
• B. Enable the storage of log entries in both traditional Syslog files and a database.
• C. Limit the number of Syslog messages or TCP connections from a specific source for a certain time period.
• D. Encrypt rotated log files automatically using third-party or OS mechanisms.

Correct answer: C

Explanation

The correct answer is C because limiting the number of Syslog messages or TCP connections from a specific source can effectively mitigate the risk of a DoS attack, ensuring the Syslog server remains operational. Options A and B do not directly address the DoS issue, and option D focuses on log security rather than preventing message loss or service disruption.