CompTIA CySA+ (CS0-003) — Question 12

An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first?

Answer options

• A. CDN
• B. Vulnerability scanner
• C. DNS
• D. Web server

Correct answer: C

Explanation

The correct answer is C, as DNS logs are critical in understanding how requests are being resolved and can reveal if the DDoS attack is targeting DNS services. The other logs, like CDN, Vulnerability scanner, and Web server logs, may provide useful information but are less directly related to the initial investigation of a connectivity issue caused by a DDoS attack.