An administrator updates the syslog forwarder configuration on a production server to use a different port, and the development team stops receiving audit logs while the security team can retrieve and search the logs. What is the most likely issue?

Enhance your skills for the CompTIA Cloud+ exam. Prepare with interactive quizzes, detailed explanations, and real exam simulations. Set the stage for your cloud certification success!

Multiple Choice

Explanation:
Permissions and access control determine who can view and search log data, independently of how the logs are transported. In this scenario the syslog forwarder was updated, and the development team stopped receiving audit logs while the security team can still retrieve and search them. That means logging is still occurring and the data is stored somewhere the security team can reach; the problem lies in who is allowed to access or query it. The security team typically holds broader read privileges, or belongs to groups granted access to the log repository or SIEM, while the development team lacks those permissions. So even though the logs exist, the development team cannot view or search them, which points to a permissions issue rather than a transport or forwarding misconfiguration.

The other possibilities become less likely once logs are still retrievable by security: misidentifying the server would not explain why security can access the logs, disabling the audit service would stop logging for everyone, and although a wrong port could prevent the development side from receiving logs, the security team's ability to retrieve and search them shows the logs are being collected and stored. The access control layer is the more plausible bottleneck.
