A security administrator suspects that data on a server has been exhilarated as a result of un- authorized remote access.
Which of the following would assist the administrator in con-firming the suspicions? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.BC.
To confirm the suspicion that data on a server has been accessed without authorization, the security administrator can use the following methods:
Log Analysis: This involves reviewing system logs and auditing trails to identify any anomalies or suspicious activity. The administrator can search for failed login attempts, unusual login times or locations, and other signs of unauthorized access.
File Integrity Monitoring: This involves monitoring the files and directories on the server to detect any changes or modifications that have been made without authorization. This can include changes to file permissions, file contents, or file metadata. The administrator can set up alerts to notify them of any unauthorized changes.
Other options such as Networking access control, DLP alerts, and Host firewall rules may help prevent unauthorized access, but they may not necessarily assist in confirming the suspicion that data has already been accessed without authorization.
In summary, log analysis and file integrity monitoring are two methods that can help confirm suspicions of unauthorized remote access to a server by detecting any suspicious activity and changes made to files and directories on the server.