CompTIA Security+ (SY0-601) — Question 698
A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?
Answer options
- A. SIEM correlation dashboards
- B. Firewall syslog event logs
- C. Network management solution login audit logs
- D. Bandwidth monitors and interface sensors
Correct answer: A
Explanation
The correct answer is A: SIEM correlation dashboards aggregate and analyze data from various sources to provide insight into security incidents, including the timing of a breach. Firewall syslog event logs and network management solution login audit logs provide valuable information, but they do not correlate data across multiple devices as effectively as a SIEM solution. Bandwidth monitors and interface sensors focus on network performance rather than security events.