CompTIA Security+ (SY0-601) — Question 148
During a security incident investigation, an analyst consults the company’s SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide this information?
Answer options
- A. WAF logs
- B. DNS logs
- C. System logs
- D. Application logs
Correct answer: B
Explanation
The correct answer is B, DNS logs. Every workstation that tries to reach the command-and-control server must first resolve its domain name, and the DNS server records each query together with the requesting client's address, so counting the distinct internal hosts that resolved the malicious domain gives the number of potentially impacted workstations. WAF logs (A) cover traffic to the company's own web applications and do not record DNS queries. System logs (C) and application logs (D) may contain related information, but they are not designed to track domain name resolutions, which makes them far less effective for this purpose.