Topic: CS0-003 topic 1 question 194

A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection?

A.
XDR logs
B.
Firewall logs
C.
IDS logs
D.
MFA logs

Re: CS0-003 topic 1 question 194

Among the options provided, the log source that would most likely confirm the malware infection on the company-owned and managed laptop is:

A. XDR logs

XDR (Extended Detection and Response) logs aggregate and correlate data from various security sources, such as endpoint detection and response (EDR), network traffic analysis (NTA), and other security tools. These logs provide comprehensive visibility into security events and incidents across the organization's infrastructure.

If the laptop is suspected to have malware, the EDR component of the XDR solution would likely generate logs indicating suspicious or malicious behavior on the endpoint. This could include activities such as file modifications, process executions, network connections to known malicious domains, or other indicators of compromise (IOCs) associated with malware infections.
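To make the point about EDR telemetry concrete, here is an added example (my own code, not from this thread or from any XDR vendor) that runs a few detection rules over constructed XDR/EDR endpoint events for two hosts. The event schema, hostnames, file hash and domain are all hypothetical placeholders, and the rules are deliberately simple: an IOC hash match, an IOC domain match, an Office application spawning a living-off-the-land binary, and encoded PowerShell. A host is only reported as confirmed when more than one distinct rule fires, so a single noisy heuristic is treated as suspicious rather than conclusive.

```python
import json

# Constructed IOC set for this example only; placeholders, not real indicators.
BAD_HASH = "0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d"
KNOWN_BAD_SHA256 = {BAD_HASH}
KNOWN_BAD_DOMAINS = {"c2.malicious.example"}

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
LOLBINS = {"powershell.exe", "cmd.exe", "mshta.exe", "rundll32.exe", "wscript.exe", "regsvr32.exe"}

# Constructed XDR/EDR telemetry as JSON lines (hypothetical schema, hosts and values).
SAMPLE_EVENTS = r"""
{"ts": "2024-05-02T09:14:03Z", "host": "LAPTOP-0427", "type": "process", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"ts": "2024-05-02T09:14:05Z", "host": "LAPTOP-0427", "type": "file", "action": "create", "path": "C:\\Users\\jdoe\\AppData\\Roaming\\Microsoft\\updater.exe", "sha256": "0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d", "process": "powershell.exe"}
{"ts": "2024-05-02T09:14:06Z", "host": "LAPTOP-0427", "type": "process", "image": "C:\\Users\\jdoe\\AppData\\Roaming\\Microsoft\\updater.exe", "parent_image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "updater.exe", "sha256": "0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d0badf00d"}
{"ts": "2024-05-02T09:14:09Z", "host": "LAPTOP-0427", "type": "dns", "process": "updater.exe", "query": "c2.malicious.example", "answer": "203.0.113.10"}
{"ts": "2024-05-02T09:15:41Z", "host": "HR-LAPTOP-12", "type": "dns", "process": "chrome.exe", "query": "www.example.com", "answer": "192.0.2.80"}
{"ts": "2024-05-02T09:16:02Z", "host": "HR-LAPTOP-12", "type": "process", "image": "C:\\Windows\\System32\\cmd.exe", "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "cmd.exe /c dir"}
"""


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(text: str) -> list[dict]:
    """Parse JSON-lines telemetry, skipping blank and unparseable records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a production pipeline would count and alert on malformed records
    return events


def evaluate(event: dict) -> list[tuple[str, str]]:
    """Return (rule, detail) pairs for every rule that fires on one event."""
    hits = []
    kind = event.get("type")
    sha = (event.get("sha256") or "").lower()
    if kind in ("process", "file") and sha in KNOWN_BAD_SHA256:
        hits.append(("ioc_hash", f"{event.get('image') or event.get('path')} sha256={sha}"))
    if kind == "process":
        image = _basename(event.get("image", ""))
        parent = _basename(event.get("parent_image", ""))
        cmd = (event.get("cmdline") or "").lower()
        if parent in OFFICE_PARENTS and image in LOLBINS:
            hits.append(("office_spawns_lolbin", f"{parent} -> {image}"))
        if image == "powershell.exe" and " -enc" in cmd:  # matches -enc and -encodedcommand
            hits.append(("encoded_powershell", cmd))
    if kind == "dns" and (event.get("query") or "").lower() in KNOWN_BAD_DOMAINS:
        hits.append(("ioc_domain", f"{event.get('process')} -> {event['query']}"))
    return hits


def analyze(events: list[dict], min_rules: int = 2) -> dict[str, dict]:
    """Group rule hits per host; confirm only when at least min_rules distinct rules fired."""
    per_host: dict[str, dict] = {}
    for ev in events:
        entry = per_host.setdefault(ev.get("host", "unknown"),
                                    {"findings": [], "rules": set(), "confirmed": False})
        for rule, detail in evaluate(ev):
            entry["findings"].append({"ts": ev.get("ts"), "rule": rule, "detail": detail})
            entry["rules"].add(rule)
    for entry in per_host.values():
        entry["rules"] = sorted(entry["rules"])
        entry["confirmed"] = len(entry["rules"]) >= min_rules
    return per_host


if __name__ == "__main__":
    for host, verdict in analyze(parse_events(SAMPLE_EVENTS)).items():
        state = "CONFIRMED" if verdict["confirmed"] else "no evidence"
        print(f"{host}: {state} ({len(verdict['findings'])} findings, rules={verdict['rules']})")
        for f in verdict["findings"]:
            print(f"  {f['ts']} {f['rule']}: {f['detail']}")
```

Run as-is, the script reports LAPTOP-0427 as confirmed on four distinct rules (Office spawning PowerShell, an encoded command line, a known-bad hash written to disk and then executed, and a DNS query to the IOC domain), while HR-LAPTOP-12 produces no findings. The same chain is invisible to a network IDS once the laptop leaves the corporate network, which is the point made later in the thread: only the endpoint agent sees the parent/child process relationship and the file write.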

Re: CS0-003 topic 1 question 194

Just want to say thanks for taking the time to put in so many good, detailed answers.

Re: CS0-003 topic 1 question 194

I would say A. The laptop could be outside of the company network and an IDS would not have any relevant logs. Only the XDR would have logs in that situation.

Re: CS0-003 topic 1 question 194

XDR - IDS has nothing to do with endpoints

Re: CS0-003 topic 1 question 194

The answer is XDR logs. XDR and EDR are sometimes interchangeable terms.
IDS is traditionally associated with network traffic, and logs are typically collected from networking devices, not user workstations.

Re: CS0-003 topic 1 question 194

XDR - eXtended Detection and Response

Re: CS0-003 topic 1 question 194

Intrusion Detection System (IDS) logs are specifically designed to monitor network traffic for suspicious or malicious activity. If the laptop is suspected to have malware, the IDS logs may capture network traffic associated with the malware's behavior, such as communication with command-and-control servers, attempts to exploit vulnerabilities, or unusual patterns of data transfer.