CompTIA Security+ (SY0-601) — Question 301
A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected, it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?
Answer options
- A. Dump file
- B. System log
- C. Web application log
- D. Security log
Correct answer: B
Explanation
The system log is the place to start because it records events related to system operation, including errors and shutdowns, so it can help trace the sequence of events leading up to the infection and the shutdown. The dump file may contain memory data, while web application and security logs are less relevant for diagnosing system-level issues.