CompTIA Security+ (SY0-701) — Question 355

An employee used a company’s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Answer options

• A. Application logs
• B. Vulnerability scanner logs
• C. IDS/IPS logs
• D. Firewall logs

Correct answer: A

Explanation

The correct answer is A, as application logs will provide detailed records of transactions and activities within the billing system, revealing any fraudulent actions. The other options, such as vulnerability scanner logs, IDS/IPS logs, and firewall logs, focus on network security events and vulnerabilities, which are not directly related to the billing system's transactions.