Exam SY0-701 Topic 5 Question 487 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 487
Topic #: 5
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted.
Which of the following logs would the analyst most likely look at next?

Suggested Answer: B

Since the logs on the endpoint were deleted, the next best option for the analyst is to examine firewall logs.
Firewall logs can reveal external communication, including outbound traffic to a command-and-control (C2) server. These logs would contain information about the IP addresses, ports, and protocols used, which can help in identifying suspicious connections.
* IPS logs may provide information about network intrusions, but firewall logs are better for tracking communication patterns.
* ACL logs (Access Control List) are useful for tracking access permissions but not for identifying C2 communication.
* Windows security logs would have been ideal if they had not been deleted.

by Matt at Apr 11, 2025, 12:11 PM
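The explanation above says firewall logs record source and destination IPs, ports and protocols for outbound traffic, which is what lets an analyst spot C2 activity once endpoint logs are gone. The following is an added example, not part of the original question or of Matt's comment: it parses constructed key=value firewall lines (the format, the host 10.0.5.23 and the 203.0.113.0/24 addresses are all assumptions made for the example) and flags outbound flows from the suspect workstation whose connection intervals are regular enough to look like beaconing.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample firewall lines (not from the page), generic key=value export.
# 10.0.5.23 is the suspect workstation; 203.0.113.0/24 stands in for the Internet.
SAMPLE_LOG = """\
2025-04-11T12:00:02Z action=allow proto=tcp src=10.0.5.23 spt=50112 dst=203.0.113.77 dpt=443
2025-04-11T12:00:15Z action=allow proto=tcp src=10.0.5.23 spt=50113 dst=203.0.113.10 dpt=443
2025-04-11T12:05:01Z action=allow proto=tcp src=10.0.5.23 spt=50140 dst=203.0.113.77 dpt=443
2025-04-11T12:10:03Z action=allow proto=tcp src=10.0.5.23 spt=50171 dst=203.0.113.77 dpt=443
2025-04-11T12:15:02Z action=allow proto=tcp src=10.0.5.23 spt=50199 dst=203.0.113.77 dpt=443
2025-04-11T12:20:01Z action=allow proto=tcp src=10.0.5.23 spt=50230 dst=203.0.113.77 dpt=443
2025-04-11T12:09:30Z action=deny  proto=tcp src=10.0.5.23 spt=50160 dst=203.0.113.99 dpt=4444
2025-04-11T12:03:00Z action=allow proto=tcp src=10.0.5.40 spt=41000 dst=203.0.113.77 dpt=443
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>\S+)\s+spt=(?P<spt>\d+)\s+dst=(?P<dst>\S+)\s+dpt=(?P<dpt>\d+)$"
)

def parse_log(text):
    """Parse key=value firewall lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(d)
    return events

def find_beacons(events, host, min_hits=4, max_jitter=0.2):
    """Allowed outbound flows from `host` with near-constant connection intervals
    (coefficient of variation <= max_jitter). Returns (dst, dpt, hits, mean_gap_s)."""
    flows = defaultdict(list)
    for e in events:
        if e["src"] == host and e["action"] == "allow":
            flows[(e["dst"], e["dpt"])].append(e["ts"])
    findings = []
    for (dst, dpt), times in flows.items():
        if len(times) < min_hits:
            continue
        times.sort()  # log export order is not guaranteed to be chronological
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((dst, dpt, len(times), round(avg)))
    return findings
```

Here the five connections to 203.0.113.77:443 roughly every 300 seconds are reported, while the single denied attempt and the one-off connection to 203.0.113.10 are not; the denied line is still worth a look on its own as a connection the host tried but could not make.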
