CompTIA Security+ (SY0-701) — Question 162
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)
Answer options
- A. Application
- B. Authentication
- C. DHCP
- D. Network
- E. Firewall
- F. Database
Correct answer: D, E
Explanation
The correct answers are D (Network) and E (Firewall). These logs record network traffic and security events, which can reveal which hosts were communicating with the command-and-control server. The other options either do not provide relevant network connectivity data or are not directly related to identifying impacted hosts in this context.