Exam SY0-701 Topic 3 Question 293 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 293
Topic #: 3
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Suggested Answer: C,E Vote an answer

To identify the impacted host in a command-and-control (C2) server incident, the following logs should be analyzed:
* DHCP logs: These logs record IP address assignments. By reviewing DHCP logs, an organization can determine which host was assigned a specific IP address during the time of the attack.
* Firewall logs: Firewall logs will show traffic patterns, including connections to external C2 servers.
Analyzing these logs helps to identify the IP address and port numbers of the communicating host.
* Application, Authentication, and Database logs are less relevant in this context because they focus on internal processes and authentication events rather than network traffic involved in a C2 attack.

by Newman at Jul 12, 2025, 07:07 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10