Exam CC Topic 2 Question 300 Discussion
Actual exam question for ISC's CC exam
Question #: 300
Topic #: 2
An employee launched a privilege escalation attack to gain root access on one of the organization's database servers. The employee has an authorized user account on the server. What log file would MOST likely contain relevant information?
Suggested Answer: B
Operating system logs are the most relevant source of information for detecting and investigating privilege escalation attacks. These logs record authentication events, privilege changes, process executions, and system-level actions.
Because the attacker already had authorized access, firewall and IDS logs may show little or no suspicious activity. Database logs focus on database-level operations, not OS privilege changes.
OS logs provide the best visibility into actions such as sudo usage, kernel exploits, and unauthorized permission changes. They are essential for forensic analysis and incident response involving insider threats.
by Nora at Mar 07, 2026, 02:49 AM
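The comment above points to operating system logs, and specifically sudo and su activity, as the place a responder would look when an authorized user escalates to root. The following Python script is an added example and is not part of the question or the commenter's post: it parses a handful of constructed Debian/Ubuntu-style auth.log lines and flags the indicators an investigator would triage (sudo commands touching credential or policy files, repeated failed sudo authentication, and su sessions to root). The host name `db01`, the users `alice` and `bob`, and every log line are made up for illustration; the rule list is a starting point, not an exhaustive detection policy.

```python
import re
from dataclasses import dataclass

# Constructed auth.log excerpt (not from any real system) showing an authorized
# user, alice, working her way to a root session on a database server.
SAMPLE_AUTH_LOG = [
    "Mar  7 02:40:11 db01 sshd[2231]: Accepted publickey for alice from 10.0.0.5 port 52200 ssh2",
    "Mar  7 02:41:02 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow",
    "Mar  7 02:41:02 db01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=1001)",
    "Mar  7 02:41:30 db01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Mar  7 02:42:10 db01 su[2290]: (to root) alice on pts/0",
    "Mar  7 02:42:10 db01 su[2290]: pam_unix(su:session): session opened for user root by alice(uid=1001)",
    "Mar  7 02:45:00 db01 sudo:    bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/systemctl status postgresql",
]

# syslog prefix: "Mon DD HH:MM:SS host "
TS_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) ")
# sudo command record, with an optional failed-authentication prefix
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<fails>\d+) incorrect password attempts ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# su record: "su: (to root) alice on pts/0" (pid suffix optional)
SU_RE = re.compile(r"su(?:\[\d+\])?: \(to (?P<target>\S+)\) (?P<user>\S+) on (?P<tty>\S+)")

# Commands run via sudo that merit a second look during an escalation investigation.
SENSITIVE_CMD = [
    (r"/etc/shadow", "read password hashes"),
    (r"/etc/sudoers", "touched sudo policy"),
    (r"(^|/)(bash|sh|zsh)(\s|$)", "interactive root shell"),
    (r"(^|/)(usermod|passwd|visudo)(\s|$)", "account or privilege change"),
    (r"chmod\s+[ug]\+s|chmod\s+[0-7]?[4-7][0-7]{3}", "setuid bit set"),
]


@dataclass
class Event:
    ts: str
    host: str
    user: str
    kind: str      # "sudo_ok", "sudo_fail" or "su"
    target: str    # account the user became (or tried to become)
    detail: str    # command line, or tty for su


def parse_auth_log(lines):
    """Turn raw auth.log lines into privilege-related Event records, skipping the rest."""
    events = []
    for raw in lines:
        line = raw.strip()
        head = TS_RE.match(line)
        if not head:
            continue
        ts, host = head.group("ts"), head.group("host")
        m = SUDO_RE.search(line)
        if m:
            kind = "sudo_fail" if m.group("fails") else "sudo_ok"
            events.append(Event(ts, host, m.group("user"), kind, m.group("target"), m.group("cmd")))
            continue
        m = SU_RE.search(line)
        if m:
            events.append(Event(ts, host, m.group("user"), "su", m.group("target"), f"su on {m.group('tty')}"))
    return events


def escalation_findings(events):
    """Apply the triage rules and return one finding dict per matching event, in log order."""
    findings = []
    for e in events:
        if e.kind == "sudo_fail":
            findings.append({"ts": e.ts, "user": e.user, "rule": "sudo_failed_auth", "detail": e.detail})
        elif e.kind == "su" and e.target == "root":
            findings.append({"ts": e.ts, "user": e.user, "rule": "su_to_root", "detail": e.detail})
        elif e.kind == "sudo_ok":
            for pattern, label in SENSITIVE_CMD:
                if re.search(pattern, e.detail):
                    findings.append({"ts": e.ts, "user": e.user, "rule": f"sudo_sensitive:{label}", "detail": e.detail})
                    break  # one finding per command is enough for triage
    return findings


def users_with_findings(findings):
    """Count findings per account so the responder sees who to pivot on first."""
    counts = {}
    for f in findings:
        counts[f["user"]] = counts.get(f["user"], 0) + 1
    return counts


if __name__ == "__main__":
    evts = parse_auth_log(SAMPLE_AUTH_LOG)
    for f in escalation_findings(evts):
        print(f"{f['ts']}  {f['user']:<8} {f['rule']:<40} {f['detail']}")
    print(users_with_findings(escalation_findings(evts)))
```

Run against the constructed excerpt, the script attributes three findings to `alice` (a sudo read of `/etc/shadow`, three failed sudo authentications for a root shell, and an su to root) and none to `bob`, whose sudo call was routine service administration. Note that this only works if the server forwards or retains its auth.log: an insider with root can edit local logs, which is why the OS logs the comment recommends should also be shipped to a collector the database administrators cannot write to.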