An organization is reviewing its network log policies to ensure it can effectively identify unauthorized access attempts. Which of the following logging details should the organization prioritize to BEST meet this objective?
Record the source IP address for all incoming traffic
Timestamps of data transfer
The total amount of data transferred during each session
Recording the source IP address is vital for tracking the origin of network traffic and identifying potential unauthorized access attempts. Knowing where the traffic originates helps determine whether the attempts come from within the organization or from external sources. Without this information, it would be challenging to locate the source of the security threat and take appropriate actions. Timestamps alone are insufficient because they do not reveal the origin. Usernames are important for application or authentication logs but are not typically present in raw network traffic logs. The total amount of data transferred may indicate exfiltration but is less specific to detecting access attempts.