Free COMPTIA Cloud+ CV0-004 Actual Exam Questions - Question 9 Discussion
The CMS service is frequently targeted by a malicious threat actor using DDoS.
Which of the following should a cloud engineer monitor to identify attacks?
Probably A. Network flow logs directly show traffic volume and sources, so they’re the best way to spot DDoS activity compared to other logs that don’t focus on network patterns as clearly.
It’s C because cloud provider event logs often include security alerts and infrastructure-level events that can hint at unusual traffic patterns or resource exhaustion from DDoS. They provide a broader perspective than just instance-level logs and can also show automated mitigation actions or scaling events triggered by the attack. While network flow logs (A) are good for detailed traffic data, the cloud provider logs give context on what’s happening across the entire service stack, which is vital for spotting and responding to DDoS threats early.
It’s A because network flow logs reveal real-time traffic spikes typical in DDoS attacks.
Maybe D, but more because syslogs on the instance might show some network errors or unusual connection attempts during an attack. Although not as detailed as network flow logs, syslogs could still reveal signs of strain or failure linked with DDoS. Cloud event logs (C) usually track infrastructure changes and won’t focus on traffic volume either. Endpoint logs (B) mainly catch malware activity, not traffic floods. So if you want a second angle besides flow logs, instance syslogs might help catch the impact on the server itself during an attack.
A. Network flow logs give the clearest view of traffic surges and sources, which is critical for spotting DDoS. Other logs don’t focus enough on traffic volume or patterns.
D imo, syslogs might not capture network-level anomalies clearly. While endpoint detection logs are useful for malware, they don’t give a full picture of traffic volumes. Network flow logs (A) track actual traffic flows, so you can spot DDoS by unusual spikes or patterns. Cloud event logs (C) are more about changes in resources or permissions, so they won’t help much with detecting attack traffic itself.
A. Network flow logs will directly show traffic patterns and spikes, which are key indicators of DDoS. Cloud provider event logs might not capture the detailed network traffic needed to spot these attacks.
A vs C? I’d go with A since network flow logs can show unusual traffic spikes typical in DDoS. C seems too general and might miss the traffic details.
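As an added example (not from the original discussion or any commenter), here is how a cloud engineer might turn network flow logs, the source most of the answers above point to, into a DDoS indicator: bucket flows per destination and time window, then flag a window whose packet count spikes far above that destination's usual load while arriving from many distinct sources. The record layout, thresholds and sample records are constructed for illustration and do not come from any provider's real format.

```python
# Added example: spotting a volumetric flood in network flow logs.
# Constructed record layout (loosely VPC-flow-log style, not real data):
#   <epoch_start> <src_ip> <dst_ip> <dst_port> <proto> <packets> <bytes>
from collections import defaultdict
from statistics import median
# Constructed sample: a quiet minute, a one-minute flood of 10.0.0.10 from
# many distinct sources, then quiet again; 10.0.0.20 sees only normal load.
SAMPLE_FLOW_LOGS = """\
1700000040 10.0.1.5 10.0.0.10 443 6 40 5200
1700000047 10.0.1.6 10.0.0.10 443 6 35 4800
1700000050 10.0.1.5 10.0.0.20 22 6 12 1400
1700000100 198.51.100.1 10.0.0.10 443 6 900 54000
1700000101 198.51.100.2 10.0.0.10 443 6 880 52800
1700000102 198.51.100.3 10.0.0.10 443 6 910 54600
1700000103 198.51.100.4 10.0.0.10 443 6 870 52200
1700000104 198.51.100.5 10.0.0.10 443 6 895 53700
1700000160 10.0.1.5 10.0.0.10 443 6 38 5000
1700000165 10.0.1.7 10.0.0.10 443 6 41 5300
"""

def parse_flow_logs(text):
    """Parse whitespace-separated flow records into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, src, dst, port, proto, pkts, nbytes = line.split()
        records.append({"start": int(start), "src": src, "dst": dst,
                        "port": int(port), "proto": int(proto),
                        "packets": int(pkts), "bytes": int(nbytes)})
    return records

def detect_flood(records, window=60, spike_factor=5.0, min_sources=4):
    """Flag (dst, window) buckets whose packet count is spike_factor times the
    destination's median per-window load and comes from >= min_sources IPs."""
    packets, sources = defaultdict(int), defaultdict(set)
    for r in records:
        key = (r["dst"], r["start"] // window * window)
        packets[key] += r["packets"]
        sources[key].add(r["src"])
    per_dst = defaultdict(list)          # per-window loads, for the baseline
    for (dst, _), p in packets.items():
        per_dst[dst].append(p)
    alerts = []
    for (dst, w), p in sorted(packets.items()):
        nsrc = len(sources[(dst, w)])    # many sources: flood, not one busy client
        if p > spike_factor * median(per_dst[dst]) and nsrc >= min_sources:
            alerts.append({"dst": dst, "window_start": w,
                           "packets": p, "sources": nsrc})
    return alerts
```

On the constructed sample only the 1700000100 window for 10.0.0.10 is flagged (4455 packets from 5 sources against a median of 79); the single-source, low-volume flows to 10.0.0.20 stay quiet, which is the distinction between a flood and one busy client.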