Exam SY0-701 topic 1 question 23 discussion

Endpoint logs: Endpoint logs, also known as host logs, record events and activities that occur on individual endpoints (such as laptops, desktops, or servers). These logs can include information about processes, applications, system events, user logins, file accesses, and more. Endpoint logs are a valuable source of data for investigating security incidents on specific devices, including information about the executables running on the machine. For the investigation described in the scenario, the most appropriate data source for obtaining additional information about the executable running on the employee's corporate laptop is Endpoint logs. Endpoint logs can provide detailed insights into the processes and executables running on the machine, helping the security analyst to further analyze and respond to the potential security threat.

employees laptop=endpoint

why not application logs? these will reveal what the application actually does? unless this is something explicitly mentioned by ComTIA that it must be the system logs, i would pick the app logs

we see network we wrong

Endpoint logs can provide information about the executable in question, including its name, path, hash values, execution history, and associated processes. This data is crucial for identifying potentially malicious executables and understanding their behavior on the system.

Endpoint logs are the most suitable data source for gathering additional information about the executable running on the employee's corporate laptop. These logs contain detailed information about processes, executables, and activities occurring on the endpoint, enabling the security analyst to understand the behavior of the executable and its potential impact on the system and network.

D. Endpoint

to further clarify, endpoint logs are stored on the actual device so the data their looking for should be in endpoint logs.