0 items
- Description
CYB 205 Wk 4 – Apply: Signature Assignment: Audit Logs
At the end of the lab, you will be asked to respond to the following in a 2- to 2.5-page response at the end of your Microsoft Word document:
Describe what information was contained in the logs and what value they might have in a security investigation.
Address the following in your response:
- Think about the challenges of getting all the Active Directory audit policy settings right. For an infrastructure administrator, how important are these types of settings?
- What are the risks associated with logging too little data or not auditing the correct events?
- What are the risks associated with logging too many events?
- When the default configuration is to create audit logs, what impact can this have on security incident investigations?
- This was just a single domain with 2 systems on a local LAN. How much more complicated would auditing and log management be for 100 computers? What about an enterprise with 10,000 computers in several domains on their LAN/WAN?
- Considera cloud-hosted Infrastructure as a Service (IaaS) environment with many new, Internet-accessible systems regularly being built and brought online. What challenges might there be managing audit policies and logs in such an environment?
Finally, conclude this week’s assignment with a page explaining how the tools and processes demonstrated in the labs might be used by an infrastructure administrator to help secure an environment.
Submit your assignment.