CompTIA Security+ (SY0-601) — Question 206

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would MOST likely show where the malware originated?

Answer options

Correct answer: A

Explanation

DNS logs are the most relevant because they record domain name resolutions, which may indicate the websites visited that could have hosted the malware. Web server logs are less likely to pinpoint the initial infection source, since they primarily record web requests rather than DNS resolutions. SIP traffic logs relate to voice communications and are not relevant to the malware's origin, while SNMP logs deal with network management and monitoring and do not provide information about web browsing activity.