ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-701 All Questions

View all questions & answers for the SY0-701 exam
Go to Exam

Exam SY0-701 topic 1 question 23 discussion

Actual exam question from CompTIA's SY0-701
Question #: 23
Topic #: 1
[All SY0-701 Questions]

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

  • A. Application
  • B. IPS/IDS
  • C. Network
  • D. Endpoint
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by e5c1bb5 at May 8, 2024, 8:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
metzen227
Highly Voted 1 year, 1 month ago
Endpoint logs: Endpoint logs, also known as host logs, record events and activities that occur on individual endpoints (such as laptops, desktops, or servers). These logs can include information about processes, applications, system events, user logins, file accesses, and more. Endpoint logs are a valuable source of data for investigating security incidents on specific devices, including information about the executables running on the machine. For the investigation described in the scenario, the most appropriate data source for obtaining additional information about the executable running on the employee's corporate laptop is Endpoint logs. Endpoint logs can provide detailed insights into the processes and executables running on the machine, helping the security analyst to further analyze and respond to the potential security threat.
upvoted 19 times
...
e5c1bb5
Highly Voted 1 year, 1 month ago
Selected Answer: D
employees laptop=endpoint
upvoted 12 times
...
leonbre
Most Recent 3 weeks, 5 days ago
Selected Answer: D
Endpoint logs provide detailed information about processes and executables running on a device, including file paths, hashes, and execution timestamps.
upvoted 2 times
...
slackbot
3 months ago
Selected Answer: A
why not application logs? these will reveal what the application actually does? unless this is something explicitly mentioned by ComTIA that it must be the system logs, i would pick the app logs
upvoted 2 times
...
justin_es6
10 months, 1 week ago
Selected Answer: C
we see network we wrong
upvoted 1 times
...
dbrowndiver
11 months ago
Selected Answer: D
Endpoint logs can provide information about the executable in question, including its name, path, hash values, execution history, and associated processes. This data is crucial for identifying potentially malicious executables and understanding their behavior on the system.
upvoted 3 times
...
SHADTECH123
1 year, 1 month ago
Selected Answer: D
Endpoint logs are the most suitable data source for gathering additional information about the executable running on the employee's corporate laptop. These logs contain detailed information about processes, executables, and activities occurring on the endpoint, enabling the security analyst to understand the behavior of the executable and its potential impact on the system and network.
upvoted 3 times
...
shady23
1 year, 1 month ago
Selected Answer: D
D. Endpoint
upvoted 1 times
...
e5c1bb5
1 year, 1 month ago
to further clarify, endpoint logs are stored on the actual device so the data their looking for should be in endpoint logs.
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel