A security analyst is investigating a potential brute-force attack where an unauthorized user attempted to gain access to several user accounts. Which type of log would be the MOST useful for tracking the successful and failed login attempts associated with this incident?
Authentication logs are the most useful source for this investigation as they specifically record events related to user access, including successful and failed login attempts, timestamps, and source IP addresses. This information is crucial for identifying patterns consistent with a brute-force attack. Firewall logs show network traffic but lack details about application-level authentication success or failure. System logs might contain some of this data but are broader in scope, recording general OS events. DNS logs track domain name resolutions and would not contain login attempt information.
Why are authentication logs the most useful for investigating brute-force attacks?
What is the difference between a firewall log and an authentication log?
How can timestamps and source IP addresses in authentication logs help during an investigation?