CompTIA Security+ (SY0-701) — Question 181
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?
Answer options
- A. IPS
- B. Firewall
- C. ACL
- D. Windows security
Correct answer: B
Explanation
The correct answer is B, Firewall. The analyst needs a record of the workstation's outbound connections, and that record has to come from somewhere the attacker could not erase. The logs on the endpoint were deleted, which rules out Windows security logs (D): they live on the compromised host and are precisely what was removed. A perimeter or egress firewall records every connection it allows or denies, with source and destination addresses and ports, and it stores that record off the host, so it can still show the workstation reaching out to the command-and-control server. IPS logs (A) are also kept off-host, but an IPS only writes an entry for traffic that matched a signature, so a C2 channel that triggered no rule leaves nothing behind. An ACL (C) is a rule set rather than a log source; any entries its rules generate end up in the firewall or router log in the first place.
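To show what "look at the firewall logs next" means in practice, here is an added example that is not part of the exam question or its vendor's material. It triages a small constructed export from an egress firewall: the key=value log format, the hostnames, every IP address, port and timestamp, and the assumption that 10.0.0.0/8 is the internal address space are all made up for illustration. The script keeps only the suspect workstation's connections to external addresses, retains denied attempts as well as allowed ones, and reports per-destination counts and the median gap between attempts, since a fixed interval is the beaconing pattern a C2 implant tends to produce.

```python
"""Triage constructed firewall log lines for outbound C2 activity from one workstation.

Added example, not part of the exam question or its vendor's material. The log
format (timestamp, firewall hostname, then key=value pairs) and every IP, port
and timestamp below are constructed for illustration and match no real device.
"""
import ipaddress
import statistics
from datetime import datetime

# Constructed sample export from an egress firewall. Workstation 10.0.5.23 is the
# suspect host; 203.0.113.44 (a documentation range) plays the external C2 server.
FIREWALL_LOG = """\
2024-05-03T10:00:01Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51234 dst=203.0.113.44 dpt=443
2024-05-03T10:00:07Z fw01 action=allow proto=tcp src=10.0.5.41 spt=50021 dst=198.51.100.9 dpt=443
2024-05-03T10:00:31Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51240 dst=203.0.113.44 dpt=443
2024-05-03T10:00:45Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51241 dst=10.0.1.10 dpt=445
2024-05-03T10:01:01Z fw01 action=deny proto=tcp src=10.0.5.23 spt=51250 dst=203.0.113.44 dpt=8443
2024-05-03T10:01:31Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51255 dst=203.0.113.44 dpt=443
2024-05-03T10:02:01Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51260 dst=203.0.113.44 dpt=443
2024-05-03T10:02:15Z fw01 action=allow proto=udp src=10.0.5.23 spt=53011 dst=10.0.1.53 dpt=53
"""

# Assumed corporate address space; anything outside it counts as an external destination.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line):
    """Split one log line into a dict: timestamp and firewall name are positional,
    the remaining fields are key=value pairs. Port fields are converted to int."""
    ts, fw, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "fw": fw}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = int(value) if key in ("spt", "dpt") else value
    return rec


def is_internal(ip):
    """True when the address falls inside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_from(log_text, src_ip):
    """Return the suspect host's connections to external addresses, allowed or denied.
    Denied attempts are kept on purpose: a blocked C2 port is still evidence of intent."""
    records = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [r for r in records if r["src"] == src_ip and not is_internal(r["dst"])]


def summarize(records):
    """Group by destination and report hit count, destination ports, firewall actions
    and the median gap in seconds between consecutive attempts (beaconing indicator)."""
    by_dst = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        by_dst.setdefault(r["dst"], []).append(r)
    summary = {}
    for dst, recs in by_dst.items():
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        summary[dst] = {
            "count": len(recs),
            "ports": sorted({r["dpt"] for r in recs}),
            "actions": sorted({r["action"] for r in recs}),
            "median_gap_s": statistics.median(gaps) if gaps else None,
        }
    return summary


if __name__ == "__main__":
    for dst, info in summarize(outbound_from(FIREWALL_LOG, "10.0.5.23")).items():
        print(dst, info)
```

Run against the sample, the script reduces eight log lines to a single external destination contacted five times at a steady 30-second interval on 443, plus one denied attempt on 8443, which is the kind of pattern that turns a suspicion into a pivot point for the rest of the investigation. On a real export the same logic applies; only the parser would change to match the device's format.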