Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs.

The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

A. Enable the x-Forwarded-For header al the load balancer.

B. Install a software-based HIDS on the application servers.

C. Install a certificate signed by a trusted CA.

D. Use stored procedures on the database server.

E. Store the value of the $_server ( ‘ REMOTE_ADDR ‘ ] received by the web servers.

Answer: C

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments