4.3 Incident Investigation

Question 1

Syslog

Answer 1

centralized log management solution. By looking through the logs on the Syslog server, the technician could determine which service failed on which server since all the logs are retained on the Syslog server from all of the network devices and servers

Question 2

Network Mapping

Answer 2

Network mapping is conducted using active and passive scanning techniques and could help determine which server was offline, but not what caused the interruption

Question 3

Firewall Logs

Answer 3

help determine why the network connectivity between a host and destination may have been disrupted

Question 4

NIDS

Answer 4

network intrusion detection system (NIDS) is used to detect hacking activities, denial of service attacks, and port scans on a computer network. It is unlikely to provide the details needed to identify why the network service was interrupted

Question 5

Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?

10. 15.1.100
11. 186.1.100
12. 16.1.100
13. 168.1.100

Answer 5

determine if an IP address is a publicly routable IP (external connection) or private IP (internal connection). During your CompTIA A+, Network+, and Security+ studies, you should have learned that private IP addresses are either 10.x.x.x, 172.16-31.x.x, or 192.168.x.x. All other IP addresses are considered publicly routable over the internet (except localhost and APIPA addresses). Therefore, the answer must be 192.186.1.100 since it is not a private IP address