CompTIA Security+ (SY0-501) — Question 708
An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?
Answer options
- A. The vulnerability scan output
- B. The security logs
- C. The baseline report
- D. The correlation of events
Correct answer: B
Explanation
The security logs provide detailed information about access attempts, system activities, and any anomalies that could indicate how the breach occurred. While the vulnerability scan output, baseline report, and correlation of events may offer insights, they do not provide the same immediate, direct evidence of the actions taken during the incident that the security logs do.