Elasticsearch | query | ~10 mins

Audit logging in Elasticsearch - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
1. Fill in the blank (easy)

Complete the code to enable audit logging in Elasticsearch.

Elasticsearch
xpack.security.audit.enabled: [1]
A. true
B. auto
C. false
D. none
Common Mistakes
Using 'false' disables audit logging.
'auto' and 'none' are invalid values.
2. Fill in the blank (medium)

Complete the code to specify the audit log output file path.

Elasticsearch
xpack.security.audit.outputs: ["logfile"]
xpack.security.audit.logfile.prefix: [1]
A. output
B. security
C. audit
D. log
Common Mistakes
Using generic prefixes like 'log' can confuse audit logs with other logs.
Leaving the prefix empty causes default naming, which may be unclear.
3. Fill in the blank (hard)

Fix the error in the audit logging configuration to enable logging of authentication events.

Elasticsearch
xpack.security.audit.logfile.events.include: [1]
A. ["login", "fail"]
B. ["access_denied", "auth_failed"]
C. ["auth", "fail"]
D. ["access_denied", "authentication_failed"]
Common Mistakes
Using incorrect or partial event names causes no logs to be recorded.
Using shorthand or incomplete event names.
4. Fill in the blanks (hard)

Fill both blanks to configure audit logging to include both authentication and access events.

Elasticsearch
xpack.security.audit.logfile.events.include: [[1], [2]]
A. "authentication_failed"
B. "access_denied"
C. "index_event"
D. "connection_failed"
Common Mistakes
Including unrelated event types causes noisy logs.
Missing one of the key event types reduces audit effectiveness.
5. Fill in the blanks (hard)

Fill all three blanks to configure audit logging to output to both logfile and index, and include all events.

Elasticsearch
xpack.security.audit.enabled: [1]
xpack.security.audit.outputs: [[2]]
xpack.security.audit.logfile.events.include: [[3]]
A. true
B. "logfile"
C. B, C
D. "*"
Common Mistakes
Not enabling audit logging disables all audit features.
Setting outputs to only one destination limits audit data.
Not including all events misses important audit information.