An analyst is investigating access to sensitive data on a Linux system. Data is accessible from the /secret directory and can be viewed using the ‘sudo oaf command. The specific file /secret/file_08-txt was known to be accessed in this way. After searching in the Log Activity Tab, the following results are shown.
When interpreting this, the analyst is having trouble locating events which show when the file was accessed .
Why could this be?
A . The ‘LinuxServer @ cantos’ log source has boon configured as a Faise Positive and the specific event for that file has been dropped.
B . The ‘LinuxServer @ centos’ log source has not been configured to send the relevant events to QRadar.
C . The ‘LinuxServer @ centos’ log source has coalescing configured and the specific event for that file can only be accessed by clicking on the ‘Event Count’ value.
D . The ;LinuxServer @ centos; log source has coalesscing conigured and the specific event for that file has been discardedd.
Answer: A
Leave a Reply