Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


What action should a security administrator take after discovering local web server logs have been deleted during a web server attack?

  1. Enhance the firewall rules

  2. Reconfigure the IDS for better monitoring

  3. Install additional logging mechanisms

  4. Conduct a vulnerability assessment

The correct answer is: Reconfigure the IDS for better monitoring

After discovering that local web server logs have been deleted during a web server attack, the priority is to improve monitoring so that future incidents are detected and responded to more effectively. Reconfiguring the Intrusion Detection System (IDS) is an important step because the deletion of logs indicates a potential compromise or a deliberate attempt by attackers to cover their tracks. By adjusting the IDS, the security administrator can refine the detection rules and improve the system's sensitivity to suspicious activity, increasing the chance of identifying similar attacks going forward.

Simply enhancing firewall rules, installing additional logging mechanisms, or conducting a vulnerability assessment may not address the immediate concern of detecting ongoing or future intrusions. While those actions are valuable for overall security posture and post-incident management, they do not directly enhance real-time monitoring and alerting capabilities, which are critical in the event of a suspected breach.