CompTIA Security+ (SY0-601) — Question 566

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

Answer options

• A. Network
• B. System
• C. Application
• D. Authentication

Correct answer: A

Explanation

The correct answer is A, as network logs can provide information on outbound connections made by the user's device, indicating if the link was accessed. The other options, such as system, application, and authentication logs, do not specifically track network connections and are less relevant for this type of incident investigation.