Exam SY0-701 topic 1 question 536 discussion

Actual exam question from CompTIA's SY0-701
Question #: 536
Topic #: 1

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

  • A. Endpoint
  • B. Application
  • C. Firewall
  • D. NAC
Suggested Answer: C

Comments

tomahawk117
1 week, 4 days ago
Selected Answer: A
If this was a network exploit I would have gone with C, but the question is regarding an IoT device and wants to know the time of the exploit of the device's vulnerability. So endpoint logs would tell you that.
upvoted 1 times
...
Anyio
1 month, 2 weeks ago
Selected Answer: C
The correct answer is: C. Firewall

Explanation: Firewall logs are the most likely to provide information about the initial exploit, as firewalls monitor and log network traffic, including attempts to exploit vulnerabilities in IoT devices. These logs can show suspicious or unauthorized connections to the IoT device, which can help identify the time of the initial exploit.

Endpoint logs (A) might provide details about the affected device, but they are less likely to capture the initial network-based exploit. Application logs (B) are specific to applications and may not be relevant if the exploit targeted the IoT device itself rather than an application running on it. NAC (Network Access Control) logs (D) focus on device authentication and network access, which may not directly reveal the time of the exploit.

Thus, Firewall logs are the most appropriate starting point for identifying the time of the initial exploit.
upvoted 1 times
...
Community vote distribution: A (35%, Most Voted), C (25%), B (20%), Other