CompTIA Security Plus Mock Test Q609

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

A. Event
B. SQL_LOG
C. Security
D. Access

Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Event logs include Application logs, such as those where SQL Server would write entries. This is where you would see logs with details of someone trying to access a SQL database.

Incorrect Answers:
B: This log does not contain information that would provide clues that someone has been attempting to compromise the SQL Server database.
C: This log does not contain information that would provide clues that someone has been attempting to compromise the SQL Server database although the Security Event Log in Windows does contain information about attempted logins to a system. However, as another answer specifies an “Event” log, that answer is correct.
D: This log does not contain information that would provide clues that someone has been attempting to compromise the SQL Server database.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 68, 469