CompTIA Network+ (N10-008) — Question 710

A network security engineer is responding to a security incident. The engineer suspects that an attacker used an authorized administrator account to make configuration changes to the boundary firewall. Which of the following should the network security engineer review?

Answer options

• A. Network traffic logs
• B. Audit logs
• C. Syslogs
• D. Event logs

Correct answer: B

Explanation

The correct choice is B, Audit logs, as they provide detailed records of user activities and changes made to the system, which can help identify unauthorized modifications. Options A, C, and D may provide useful information but are less focused on tracking specific actions taken by user accounts compared to audit logs.