CompTIA Network+ (N10-008) — Question 402
A security engineer is trying to determine whether an internal server was accessed by hosts on the internet. The internal server was shut down during the investigation. Which of the following will the engineer review to determine whether the internal server had an unauthorized access attempt?
Answer options
- A. The ARP table
- B. The NetFlow statistics
- C. The firewall logs
- D. The audit logs on the core switch
Correct answer: C
Explanation
The firewall logs will provide information about any attempts to access the internal server from external hosts, even if the server is currently shut down. The ARP table, NetFlow statistics, and audit logs on the core switch do not specifically track unauthorized access attempts to the server itself, making them less relevant for this investigation.