In incident response, which log would contain entries about security software alerts and policy violations on endpoints?


Multiple Choice


Explanation:
Security software logs on endpoints are the primary source for entries about alerts and policy violations. These logs come from antivirus, EDR, and other protection tools and capture detections, blocks, quarantines, and policy enforcement actions. They provide the most direct view of what the security tools flagged or prevented on the device, which is essential for understanding the threat and the response. Operating system logs document a broad range of system events but aren’t focused on security detections from protective software. Audit logs track user actions and compliance-related events, not the ongoing security alerts from protection tools. Application logs record events from individual applications and don’t reflect centralized security enforcement across the endpoint. Therefore, the most relevant source for security alerts and policy violations is the security software logs.

