CompTIA Security+ (SY0-701) — Question 381

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

Answer options

Correct answer: C

Explanation

The correct answer is C. Firewall logs record each connection that crosses the network boundary, including the source and destination addresses, ports, protocol, and whether the connection was allowed or denied, so they show directly where the compromised host was sending its traffic. IDS logs contain only the traffic that matched a signature or anomaly rule, so a command-and-control channel the sensor did not recognize will not appear in them; antivirus logs describe the malware found on the endpoint rather than its network connections; and application logs capture events inside a particular application, not network-level flows. One practical caveat: firewall logs only answer this question if logging of outbound (egress) connections is enabled and retained, since logging of allowed traffic is often switched off to reduce volume, and a blocked attempt is still worth reviewing because it reveals the destination the implant tried to reach.
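As an added illustration of the analysis described above (this is example code written for this page, not material from CompTIA or the exam), the script below parses a small set of constructed firewall log lines, keeps only connections from the compromised host to addresses outside the RFC 1918 ranges, and then looks for destinations contacted at a regular interval, the beaconing pattern typical of command-and-control traffic. The `key=value` log layout, the host address `10.0.5.23`, and the jitter thresholds are all assumptions made for the example; real firewall products use different field names, so the regular expression would need to be adapted.

```python
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not from the original page). The key=value
# layout is an assumed generic firewall syslog format; adjust LINE_RE for the
# device you actually have. 10.0.5.23 is the (assumed) compromised host.
SAMPLE_FIREWALL_LOG = """\
2024-05-01T10:00:01Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51512 dst=10.0.1.10 dpt=445
2024-05-01T10:00:07Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51520 dst=203.0.113.45 dpt=443
2024-05-01T10:01:07Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51531 dst=203.0.113.45 dpt=443
2024-05-01T10:01:09Z fw01 action=allow proto=udp src=10.0.5.23 spt=53122 dst=10.0.0.2 dpt=53
2024-05-01T10:02:07Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51544 dst=203.0.113.45 dpt=443
2024-05-01T10:02:30Z fw01 action=deny proto=tcp src=10.0.5.23 spt=51550 dst=198.51.100.9 dpt=8080
2024-05-01T10:03:07Z fw01 action=allow proto=tcp src=10.0.5.23 spt=51562 dst=203.0.113.45 dpt=443
2024-05-01T10:03:15Z fw01 action=allow proto=tcp src=10.0.7.8 spt=40001 dst=198.51.100.200 dpt=443
"""

# RFC 1918 space counts as internal; anything else is a candidate C2 destination.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) spt=(?P<spt>\d+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["spt"] = int(rec["spt"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def is_internal(ip):
    """True if the address falls inside one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_destinations(log_text, compromised_host):
    """Map (dst, dpt, proto) -> sorted timestamps of connections from the
    compromised host to external addresses. Denied connections are kept too:
    a blocked attempt still reveals the address the implant tried to reach."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src"] != compromised_host or is_internal(rec["dst"]):
            continue
        hits[(rec["dst"], rec["dpt"], rec["proto"])].append(rec["ts"])
    return {key: sorted(times) for key, times in hits.items()}


def beacon_candidates(destinations, min_hits=3, max_jitter=0.2):
    """Return destinations contacted at a regular cadence. Regular means the
    standard deviation of the gap between connections is small relative to
    the mean gap; min_hits and max_jitter are illustrative, not tuned values."""
    out = {}
    for key, times in destinations.items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            out[key] = {"count": len(times), "interval_s": mean}
    return out


if __name__ == "__main__":
    dests = outbound_destinations(SAMPLE_FIREWALL_LOG, "10.0.5.23")
    for (dst, dpt, proto), times in dests.items():
        print(f"{dst}:{dpt}/{proto} contacted {len(times)} time(s)")
    for (dst, dpt, proto), info in beacon_candidates(dests).items():
        print(f"beacon-like: {dst}:{dpt}/{proto} every ~{info['interval_s']:.0f}s")
```

Run against the sample, the script discards the internal SMB and DNS connections and the unrelated host `10.0.7.8`, lists `203.0.113.45:443` (four connections, exactly sixty seconds apart, so it is flagged as beacon-like) and the single denied attempt to `198.51.100.9:8080`. The cadence check is a heuristic: real implants add random jitter, so the threshold must be loosened for them, and a destination contacted only once still deserves a look.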