Log Source Quiz: Firewall, IDS or Endpoint?

By Thames, Community Contributor | Questions: 20 | Updated: Jul 2, 2026

1. Which log data source provides real-time visibility into encrypted traffic patterns without decrypting the payload?

About This Quiz

This quiz assesses your ability to identify and classify log data sources in security infrastructure. You'll evaluate scenarios involving firewalls, intrusion detection systems (IDS), and endpoint devices to determine which source generated specific log entries. Understanding log data sources (Security+) is critical for security analysts who must correlate events, investigate incidents, and optimize monitoring strategies across network and host-based systems.

2. A security analyst needs to correlate three log sources to investigate a suspected breach. Which sources would provide the most complete picture?

3. Which statement best distinguishes IDS logs from firewall logs in terms of analysis focus?

4. An endpoint log records 'Registry key modified: HKLM\System\CurrentControlSet\Services.' Which monitoring type captured this?

5. Firewall logs reveal multiple connection attempts to port 443 from an internal IP to an external IP in 60 seconds. What does this pattern suggest?

6. A log shows a file was deleted from a protected directory on a Linux endpoint. Which source tracked this change?

7. An IDS generates an alert for 'Potential DDoS attack: 10,000 SYN packets from 192.168.100.0/24.' What makes this an IDS detection?

8. Which log source would capture the exact command-line arguments used when a user launched an executable?

9. A firewall log shows 'Alert: Geolocation mismatch—login from China detected.' How does this differ from typical firewall logging?

10. An endpoint generates a log when a scheduled task was created to execute at system startup. What monitoring capability detected this?

11. Which device typically generates logs containing source and destination IP addresses, ports, and protocol information for traffic passing through a network perimeter?

12. A log entry shows 'User account "admin" failed login attempt 5 times in 10 minutes.' Which source is most likely?

13. An IDS alert shows 'Possible buffer overflow attempt detected.' Which characteristic defines this as an IDS log entry?

14. Which log source would you consult to determine if a process injected code into another running process on a Windows machine?

15. A firewall generates a log showing 'Connection denied: Source 192.168.1.50, Destination 8.8.8.8:53.' What does this indicate?

16. Endpoint logs reveal that a user executed a suspicious executable from a temporary folder. What type of monitoring captured this?

17. A log entry shows 'Alert: SQL injection payload detected in HTTP request.' Which source generated this?

18. Which log data source would best capture blocked outbound connections to known malicious IP addresses?

19. Windows endpoint logs indicate a new service was started with administrator privileges. Which log source produced this entry?

20. An IDS detects a TCP port scan attempt on your network. What type of log entry would this generate?
