CompTIA Cloud+ (CV0-004) — Question 1
A company’s content management system (CMS) service runs on an IaaS cluster on a public cloud. The CMS service is frequently targeted by a malicious threat actor using DDoS.
Which of the following should a cloud engineer monitor to identify attacks?
Answer options
- A. Network flow logs
- B. Endpoint detection and response logs
- C. Cloud provider event logs
- D. Instance syslog
Correct answer: A
Explanation
Monitoring network flow logs is essential for identifying DDoS attacks because flow logs provide insight into incoming traffic patterns and anomalies. The other options are useful for other security purposes but do not specifically focus on traffic monitoring, which makes them less effective for detecting DDoS attacks.