Question

You have heard about a Trojan horse program where the compromised systems sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker.

Which log would you monitor?
a- Security
b- System
c- Firewall
d- Application

Answer 1

Monitor the firewall logs to determine if systems are sending data to a remote attacker, as these logs track traffic through the network firewall.

Step-by-step explanation:

To determine whether any of your systems are sending data to a remote attacker through a Trojan horse program via a specific TCP port, you would monitor the firewall logs.

The firewall log is responsible for recording traffic that is being blocked or allowed through the firewall, including attempts by the software to send information out of your network. If there is unexpected traffic on a port that is known to be used by the attacker, this would be a strong indication of a compromised system.

If you want to monitor whether any of your systems are sending data to a remote attacker on a specific TCP port, you would monitor the Firewall log.

The Firewall log records network traffic coming in and out of your systems, including information about the TCP ports being used. By monitoring the Firewall log, you can easily identify any suspicious traffic that may indicate a compromised system sending data to an attacker.