A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?
C. Firewall
Explanation:
The firewall logs are the best logs to review when trying to identify the destination of command-and-control (C2) traffic. Firewalls track inbound and outbound network traffic, including the source and destination IP addresses, ports, and protocols used.
IDS does not necessarily track the traffic for destination. Application log tracks software/applications and does not show network-level traffic or the traffic for C2 server destination.
upvoted 1 times