
Logging and audit trails in Cybersecurity - Practice Problems & Coding Challenges

💻 Command Output
intermediate
Output of syslog command filtering
What is the output of the following command on a Linux system with syslog configured?

sudo grep "ERROR" /var/log/syslog | tail -n 3

Assume the last three ERROR entries in syslog are:
1. "ERROR: Disk quota exceeded"
2. "ERROR: Failed to start service"
3. "ERROR: Network unreachable"
A. No output, command returns empty
B. ERROR: Network unreachable
   ERROR: Failed to start service
   ERROR: Disk quota exceeded
C. ERROR: Disk quota exceeded
   ERROR: Network unreachable
   ERROR: Failed to start service
D. ERROR: Disk quota exceeded
   ERROR: Failed to start service
   ERROR: Network unreachable
💡 Hint
The tail command shows the last lines in the order they appear.
🧠 Conceptual
intermediate
Purpose of audit trails in security
Which of the following best describes the primary purpose of audit trails in cybersecurity?
A. To automatically block unauthorized access attempts in real-time
B. To encrypt data during transmission to prevent interception
C. To record user activities and system events for accountability and forensic analysis
D. To backup system files regularly to prevent data loss
💡 Hint
Think about what audit trails help you do after an event happens.
Troubleshoot
advanced
Troubleshooting missing log entries
A system administrator notices that some critical security events are missing from the audit log file. Which of the following is the most likely cause?
A. The audit daemon configuration excludes those event types from logging
B. The system clock is set to the wrong time zone
C. The log file permissions are set to read-only for all users
D. The disk space is sufficient and logs are rotating properly
💡 Hint
Consider what controls which events get logged.
🔀 Workflow
advanced
Steps to secure audit logs
Which sequence of steps correctly describes how to secure audit logs to prevent tampering?
A. 2,1,4,3
B. 1,2,3,4
C. 1,3,2,4
D. 3,1,2,4
💡 Hint
Think about setting up, protecting, forwarding, then verifying logs.
Best Practice
expert
Best practice for log retention policy
What is the best practice for defining a log retention policy in a secure environment?
A. Retain logs only as long as needed to meet compliance and forensic requirements, then securely delete
B. Keep all logs indefinitely to ensure no data is lost
C. Archive logs without encryption to simplify access
D. Delete logs daily to save disk space and improve performance
💡 Hint
Balance between compliance needs and storage management.