Windows Server Log Questions
Report Analysis for Severity
● Did you detect any suspicious changes in severity?
Yes, there were more severity levels in the “high” category than almost 35% “informational” that was seen before the attack.
Report Analysis for Failed Activities
● Did you detect any suspicious changes in failed activities?
Yes, there were more successes than failures after the attack.
Alert Analysis for Failed Windows Activity
● Did you detect a suspicious volume of failed activity?
Yes
● If so, what was the count of events in the hour(s) it occurred?
35
● When did it occur?
8:00 AM - 03/25/2020
● Would your alert be triggered for this activity?
Yes. It exceeded our threshold.
● After reviewing, would you change your threshold from what you previously
selected?
No
Alert Analysis for Successful Logins
● Did you detect a suspicious volume of successful logins?
Yes
● If so, what was the count of events in the hour(s) it occurred?
136
● Who is the primary user logging in?
user_j
● When did it occur?
11 AM - 03/25/2020
● Would your alert be triggered for this activity?
Yes. It exceeded our threshold of 10.
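The hourly-threshold alerting used in both the failed-activity and successful-login sections above, as an added example that is not part of the original report: it buckets Windows logon outcomes by hour, flags hours whose count exceeds the threshold, and names the primary account in the alerting hour. The event records are constructed to mirror the report's figures (35 failures at 08:00 and 136 successful logins by user_j at 11:00 on 2020-03-25); the threshold of 10 for successful logins is from the report, while the failure threshold of 10 is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta
# Constructed sample data (not from the original report): (timestamp, user, outcome).
# A quiet baseline day, plus a burst of failures at 08:00 and a login flood by one account at 11:00.
def build_sample_events():
    base = datetime(2020, 3, 25)
    events = []
    for hour in range(24):
        ts = base + timedelta(hours=hour)
        events += [(ts, "user_a", "success"), (ts, "user_b", "success"),
                   (ts, "user_a", "failure")]
    events += [(base + timedelta(hours=8, minutes=m % 60), "user_x", "failure")
               for m in range(34)]
    events += [(base + timedelta(hours=11, minutes=m % 60), "user_j", "success")
               for m in range(134)]
    return events

def hour_key(ts):
    """Bucket label for the hour an event falls in, e.g. '2020-03-25 08:00'."""
    return ts.strftime("%Y-%m-%d %H:00")

def hourly_counts(events, outcome):
    """Count events with the given outcome ('success' or 'failure') per hour."""
    counts = Counter(hour_key(ts) for ts, _user, result in events if result == outcome)
    return dict(counts)

def hours_over_threshold(counts, threshold):
    """Hours whose count strictly exceeds the alert threshold, as (hour, count) pairs."""
    return sorted((h, n) for h, n in counts.items() if n > threshold)

def primary_user(events, hour, outcome):
    """Account responsible for most events of this outcome in the alerting hour."""
    users = Counter(u for ts, u, r in events
                    if r == outcome and hour_key(ts) == hour)
    return users.most_common(1)[0][0]

def run_alerts(events, thresholds):
    """Evaluate every outcome against its threshold; returns {outcome: [(hour, count, user)]}."""
    report = {}
    for outcome, threshold in thresholds.items():
        fired = hours_over_threshold(hourly_counts(events, outcome), threshold)
        report[outcome] = [(h, n, primary_user(events, h, outcome)) for h, n in fired]
    return report

if __name__ == "__main__":
    # Threshold of 10 for successful logins is from the report; 10 for failures is assumed.
    for outcome, hits in run_alerts(build_sample_events(), {"failure": 10, "success": 10}).items():
        for hour, count, user in hits:
            print(f"ALERT {outcome}: {count} events at {hour}, primary user {user}")
```

The strict `>` comparison matches the report's wording ("exceeded our threshold"); an hour with exactly the threshold count does not fire.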