A security specialist sees repeated attempts to open privileged ports throughout the day in a shared resource environment. Which approach is the BEST way to investigate if these attempts indicate malicious behavior without causing unnecessary downtime?
Prevent incoming requests and deploy a fresh system image to remove possible intrusions
Return the system to a prior snapshot and send notifications to all users
Add additional resources to manage unexpected traffic and avoid resource depletion
Collect log entries from multiple sources and analyze them for trends that deviate from normal usage
Reviewing logs across multiple sources and analyzing usage details helps confirm whether unusual port attempts follow a harmful pattern. Blocking traffic and creating a new environment risks data loss and does not isolate the cause. Reverting to a previous snapshot or adding more capacity does not provide the necessary insight into suspicious attempts. Evaluating logs over a specified timeframe allows targeted detection of repeated requests and correlates them with known trends.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a privileged port?
Open an interactive chat with Bash
How can log analysis identify malicious behavior?
Open an interactive chat with Bash
Why is restoring a snapshot not the best option for investigating suspicious activity?