CompTIA Security+ (SY0-501) — Question 344

A security analyst is acquiring data from a potential network incident.
Which of the following evidence is the analyst MOST likely to obtain to determine the incident?

Answer options

• A. Volatile memory capture
• B. Traffic and logs
• C. Screenshots
• D. System image capture

Correct answer: B

Explanation

The correct answer is B, as traffic and logs provide critical information about network activity during the incident, helping to identify the nature and scope of the problem. While volatile memory capture, screenshots, and system image capture can also provide useful data, they are less comprehensive for understanding ongoing network interactions compared to logs and traffic data.