Back to Network Monitoring

Event Logging

5 minutes 5 Questions

Event logging is the process of recording significant events in a network, providing administrators with a detailed history and context for troubleshooting and audit purposes. Log files store information about events, such as changes in configuration, login attempts, or system errors. By examining …

Test mode:
Start practice test
CompTIA Network+ - Event Logging Example Questions

Test your knowledge of Event Logging

Question 1

You are a network administrator tasked with identifying a sudden increase in network bandwidth usage. You suspect there is unauthorized access or malware. Which of the following event logging types would be most helpful to investigate this incident?

Correct Answer: Security logs

Security logs would be the most helpful to investigate a sudden increase in network bandwidth usage and the suspicion of unauthorized access or malware. Security logs record each event as it happens on your network providing details of unauthorized access attempts, changes in user permissions, and any activities that could possibly breach your security. Other logs such as Application logs, System logs, and Service logs are also important but they focus on the functioning of applications, system errors, and services running in the background respectively and hence might not directly indicate a security breach.

Question 2

You are called to investigate repeated server crashes. After reviewing the event logs, you notice a pattern of errors leading up to the crashes. Which of the following actions should you take first?

Correct Answer: Analyze the errors and identify the root cause

The best course of action when noticing a pattern of errors leading up to server crashes is to 'Analyze the errors and identify the root cause'. This will help determine what is causing the crashes and facilitate the development of a solution to prevent them in the future. 'Clear the event logs' is an incorrect course of action because it eliminates the data necessary for diagnosing the problem. 'Disable event logging' is similarly incorrect as it would only prevent us from collecting valuable information about the server's behavior. Lastly, 'Ignore the errors and only focus on the crash events' is incorrect because the errors may provide valuable insight into why the crashes are occurring.

Question 3

Your network team is setting up a new server, and you are asked to configure event logging to suit the needs of your IT security policy. Which feature allows you to define when log entries are overwritten or archived?

Correct Answer: Log Retention Policy

The answer is Log Retention Policy. A Log Retention Policy allows you to define when log entries are overwritten or archived, this meets the needs of your IT security policy in terms of data retention and regulatory compliance. Log Filtering is incorrect because it only involves the process of removing or isolating certain logs based on specific criteria, it doesn't control when log entries are overwritten or archived. Log Rotation is also incorrect because it merely involves the process of routinely creating new log files after a certain point, and doesn't directly define when older log entries are overwritten or archived. Lastly, Log Storage is incorrect because it refers to the physical or virtual space where logs are stored, and doesn't handle the overwriting or archiving process.

More Event Logging questions
10 questions (total)
Start 10 question test