CompTIA Security+ (SY0-701) — Question 503

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

Answer options

• A. Endpoint
• B. Application
• C. Firewall
• D. NAC

Correct answer: C

Explanation

The correct answer is C, as firewall logs are crucial for identifying unauthorized access attempts and can provide timestamps for when the exploit occurred. Endpoint and application logs may not capture the initial attack vector as effectively, and NAC logs are typically focused on network access control rather than exploit detection.