CompTIA Security+ (SY0-701) — Question 587

A security analyst notices an increase in port scans on the edge of the corporate network. Which of the following logs should the analyst check to obtain the attacker’s source IP address?

Answer options

Correct answer: B

Explanation

The correct answer is B, because firewall logs record incoming and outgoing traffic at the network edge, including the connection attempts that make up a port scan, and so reveal the attacker's source IP address. The other options (OS security, application, and endpoint logs) do not focus primarily on network traffic and would not provide the necessary information about external scanning activity.