CompTIA A+ Core 2 (220-1102) — Question 477

A technician has identified malicious traffic originating from a user's computer. Which of the following is the best way to identify the source of the attack?

Answer options

• A. Investigate the firewall logs.
• B. Isolate the machine from the network.
• C. Inspect the Windows Event Viewer.
• D. Take a physical inventory of the device.

Correct answer: A

Explanation

Examining the firewall logs is the most effective method to trace the source of the malicious traffic, as these logs provide detailed records of incoming and outgoing traffic. Isolating the machine from the network can prevent further damage but does not help identify the source. Inspecting the Windows Event Viewer may provide some information but is less direct than firewall logs. Taking a physical inventory of the device does not assist in identifying the source of the attack.