CompTIA CySA+ (CS0-001) — Question 171

Joe, a user, is unable to launch an application on his laptop, which he typically uses on a daily basis. Joe informs a security analyst of the issue. After an online database comparison, the security analyst checks the SIEM and notices alerts indicating certain .txt and .dll files are blocked. Which of the following tools would generate these logs?

Answer options

• A. Antivirus
• B. HIPS
• C. Firewall
• D. Proxy

Correct answer: C

Explanation

The correct answer is C, as a Firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules, which can lead to logging blocked files. Options A, B, and D do not primarily handle the logging of file access or blocking in the same way that a Firewall does.