CompTIA Network+ (N10-008) — Question 166

A network attack caused a network outage by wiping the configuration and logs of the border firewall. Which of the following sources, in an investigation to determine how the firewall was compromised, can provide the MOST detailed data?

Answer options

• A. Syslog server messages
• B. MIB of the attacked firewall
• C. Network baseline reports
• D. NetFlow aggregate data

Correct answer: A

Explanation

The Syslog server messages would provide the most detailed data as they contain logs of events and errors from the firewall, which can help identify what actions led to the compromise. The MIB of the firewall may provide some information, but it won't detail the events leading to the attack. Network baseline reports and NetFlow aggregate data offer less specific information about the actual incident compared to Syslog messages.