CompTIA Security+ (SY0-601) — Question 417
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)
Answer options
- A. Application
- B. Authentication
- C. Error
- D. Network
- E. Firewall
- F. System
Correct answer: D, E
Explanation
Network logs (flow records, IDS/proxy/DNS logs) and firewall logs record each connection's source address, destination address, ports, timestamp and the action taken. Pivoting on the command-and-control server's address or domain in those logs returns the internal source addresses that connected, or tried to connect, to it, and that is the impacted host. Denied connections count too: a host whose outbound traffic to the C2 server was blocked still attempted to call home and should be treated as compromised. The application, authentication, error and system logs are host-centric: once the host is known they show what ran on it and which accounts were used, but they do not record outbound connections to an external server, so they cannot by themselves tell you which host to look at. One caveat: if the firewall logs the post-NAT source address, correlate with the NAT table or with pre-NAT flow records to reach the actual internal host.
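The pivot described above, as an added worked example (not part of the original question bank): it parses constructed firewall log lines in a generic key=value syslog style, collects every internal source address that connected or attempted to connect to an assumed C2 indicator (203.0.113.50, a documentation address chosen for the example), keeps denied attempts, and measures how regular each host's connection intervals are, since evenly spaced connections are the classic beaconing signature.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (generic key=value syslog style, not any
# vendor's exact format). 203.0.113.50 plays the C2 server; every address
# comes from the documentation ranges.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z fw01 action=allow src=10.0.5.23 dst=203.0.113.50 dport=443 proto=tcp bytes=1240
2024-03-04T09:00:03Z fw01 action=allow src=10.0.5.41 dst=198.51.100.7 dport=443 proto=tcp bytes=5521
2024-03-04T09:01:01Z fw01 action=allow src=10.0.5.23 dst=203.0.113.50 dport=443 proto=tcp bytes=1238
2024-03-04T09:02:01Z fw01 action=allow src=10.0.5.23 dst=203.0.113.50 dport=443 proto=tcp bytes=1242
2024-03-04T09:02:30Z fw01 action=deny src=10.0.7.9 dst=203.0.113.50 dport=8080 proto=tcp bytes=0
2024-03-04T09:03:01Z fw01 action=allow src=10.0.5.23 dst=203.0.113.50 dport=443 proto=tcp bytes=1236
2024-03-04T09:03:15Z fw01 action=allow src=10.0.5.41 dst=192.0.2.88 dport=80 proto=tcp bytes=300
"""

# Assumed indicator of compromise from the incident: the C2 server's address.
C2_INDICATORS = {"203.0.113.50"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one log line into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {}
    for token in m.group("kv").split():
        if "=" in token:
            key, value = token.split("=", 1)
            rec[key] = value
    rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    rec["device"] = m.group("device")
    return rec


def find_impacted_hosts(log_text, indicators):
    """Pivot on the C2 indicator: every src that talked (or tried to talk) to it."""
    hits = defaultdict(lambda: {"count": 0, "denied": 0, "first": None,
                                "last": None, "timestamps": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec.get("dst") not in indicators:
            continue
        h = hits[rec["src"]]
        h["count"] += 1
        # A denied attempt still identifies an infected host: the malware
        # tried to call home even though the firewall blocked it.
        if rec.get("action") == "deny":
            h["denied"] += 1
        h["timestamps"].append(rec["ts"])
        h["first"] = rec["ts"] if h["first"] is None else min(h["first"], rec["ts"])
        h["last"] = rec["ts"] if h["last"] is None else max(h["last"], rec["ts"])
    return dict(hits)


def beacon_stats(hits):
    """Mean and population stdev of the gaps (seconds) between a host's
    connections, for hosts with at least three; a near-zero stdev with a
    steady mean is the periodic-beacon pattern."""
    stats = {}
    for src, h in hits.items():
        ts = sorted(h["timestamps"])
        if len(ts) < 3:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        stats[src] = (statistics.mean(gaps), statistics.pstdev(gaps))
    return stats


if __name__ == "__main__":
    hosts = find_impacted_hosts(SAMPLE_LOG, C2_INDICATORS)
    beacons = beacon_stats(hosts)
    for src, h in sorted(hosts.items()):
        mean_gap, jitter = beacons.get(src, (None, None))
        print(f"{src}: {h['count']} connection(s), {h['denied']} denied, "
              f"{h['first']:%H:%M:%S}-{h['last']:%H:%M:%S}, "
              f"beacon interval={mean_gap} stdev={jitter}")
```

On the constructed input this reports 10.0.5.23 (four allowed connections exactly 60 seconds apart, so mean 60.0 and stdev 0.0) and 10.0.7.9 (one denied attempt); 10.0.5.41 never touched the indicator and is not listed. For a domain-based C2 indicator the same pivot runs against DNS or proxy logs on the query name instead of `dst`, and where the firewall records the post-NAT source the `src` field must be mapped back through the NAT table before the result names a real host.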