CompTIA CySA+ (CS0-003) — Question 117

A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection?

Answer options

• A. XDR logs
• B. Firewall legs
• C. IDS logs
• D. MFA logs

Correct answer: A

Explanation

XDR logs are specifically designed to aggregate data from multiple sources, making them ideal for detecting malware infections. Firewall logs and IDS logs may provide some insights, but they do not offer the same level of comprehensive analysis as XDR logs. MFA logs are not relevant for confirming malware infections as they focus on authentication attempts.