An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)
To identify the impacted host in a cybersecurity incident involving a command-and-control server, both network and firewall logs should be analyzed. Network logs will help trace the communication paths and identify the devices that communicated with the command-and-control server. Firewall logs provide records of all incoming and outgoing traffic, which includes any potentially malicious activities and connections to external servers. Together, these logs will give a comprehensive view of the network communications and help pinpoint the compromised host.
D. Network
E. Firewall
Answer: C. DHCP, E. Firewall. C: Impacted host, to trace back any suspicious network activity to a specific device. E: Firewall logs contain records of all incoming and outgoing traffic.
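The explanation above and the comment that follows it both describe the same investigative step: take the firewall records of connections to the command-and-control address, then resolve each source IP to a specific machine using whichever log binds IPs to hosts (DHCP leases here). The script below is an added example, not part of the original question or answer. The log formats, the hostnames, the MAC addresses and the indicator address 203.0.113.45 are all constructed for the demonstration (RFC 5737 documentation ranges, not real IoCs). It also handles the edge case that makes the DHCP step necessary: an IP that was re-leased to a different host shortly before the incident, so the lookup has to pick the lease that was in effect at the time of each firewall event rather than the first or last lease for that IP.

```python
import re
from datetime import datetime, timezone

# Constructed sample logs (not from any real incident). Addresses use RFC 5737
# documentation ranges; the C2 indicator is a placeholder, not a real IoC.
FIREWALL_LOG = """\
2024-05-01T10:15:02Z action=allow src=10.0.0.23 dst=203.0.113.45 dport=443 proto=tcp
2024-05-01T10:15:07Z action=allow src=10.0.0.41 dst=198.51.100.9 dport=80 proto=tcp
2024-05-01T10:20:12Z action=allow src=10.0.0.23 dst=203.0.113.45 dport=443 proto=tcp
2024-05-01T10:25:30Z action=deny src=10.0.0.77 dst=203.0.113.45 dport=8443 proto=tcp
"""

# Note that 10.0.0.23 changed hands at 09:58: WS-OLD-HOST must not be blamed
# for traffic that WS-FINANCE-07 generated after taking over the address.
DHCP_LOG = """\
2024-05-01T08:00:00Z DHCPACK on 10.0.0.23 to aa:bb:cc:00:00:01 (WS-OLD-HOST)
2024-05-01T09:58:10Z DHCPACK on 10.0.0.23 to aa:bb:cc:00:00:02 (WS-FINANCE-07)
2024-05-01T09:59:00Z DHCPACK on 10.0.0.41 to aa:bb:cc:00:00:03 (WS-HR-02)
2024-05-01T10:24:00Z DHCPACK on 10.0.0.77 to aa:bb:cc:00:00:04 (LAPTOP-SALES-11)
"""

# Placeholder C2 indicator (constructed); in practice this comes from the IR team.
C2_INDICATORS = {"203.0.113.45"}

FW_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)
DHCP_RE = re.compile(
    r"^(?P<ts>\S+) DHCPACK on (?P<ip>\S+) to (?P<mac>\S+) \((?P<host>[^)]+)\)"
)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_firewall(log):
    """Parse key=value firewall lines into dicts; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = FW_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = parse_ts(d["ts"])
            d["dport"] = int(d["dport"])
            events.append(d)
    return events


def parse_dhcp(log):
    """Parse DHCPACK lines into lease records, oldest first."""
    leases = []
    for line in log.splitlines():
        m = DHCP_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = parse_ts(d["ts"])
            leases.append(d)
    return sorted(leases, key=lambda lease: lease["ts"])


def lease_at(ip, when, leases):
    """Return the lease in effect for `ip` at time `when` (latest ACK not after it), or None."""
    current = None
    for lease in leases:  # sorted ascending, so the last match is the one in effect
        if lease["ip"] == ip and lease["ts"] <= when:
            current = lease
    return current


def find_c2_contacts(fw_log, dhcp_log, indicators):
    """Every firewall event to a C2 indicator, enriched with the host that held the source IP."""
    leases = parse_dhcp(dhcp_log)
    contacts = []
    for ev in parse_firewall(fw_log):
        if ev["dst"] not in indicators:
            continue
        lease = lease_at(ev["src"], ev["ts"], leases)
        contacts.append({
            "ts": ev["ts"], "src": ev["src"], "dst": ev["dst"], "action": ev["action"],
            "mac": lease["mac"] if lease else None,
            "host": lease["host"] if lease else "UNRESOLVED",
        })
    return contacts


def summarize_by_host(contacts):
    """Group contacts per host; denied attempts still count as evidence of compromise."""
    summary = {}
    for c in contacts:
        s = summary.setdefault(c["host"], {
            "mac": c["mac"], "ips": set(), "count": 0,
            "first": c["ts"], "last": c["ts"], "actions": set(),
        })
        s["ips"].add(c["src"])
        s["count"] += 1
        s["first"] = min(s["first"], c["ts"])
        s["last"] = max(s["last"], c["ts"])
        s["actions"].add(c["action"])
    return summary


if __name__ == "__main__":
    for host, s in summarize_by_host(
        find_c2_contacts(FIREWALL_LOG, DHCP_LOG, C2_INDICATORS)
    ).items():
        print(f"{host} ({s['mac']}): {s['count']} contact(s) from {sorted(s['ips'])}, "
              f"{s['first'].isoformat()} .. {s['last'].isoformat()}, actions={sorted(s['actions'])}")
```

The time-aware lease lookup is the part worth copying: matching on IP alone would attribute the 10:15 and 10:20 connections to whichever DHCP line happened to be read last, and would miss that the address belonged to a different machine two hours earlier. A host that never appears in the lease log comes back as UNRESOLVED rather than being silently dropped, so a static-IP device or a gap in DHCP logging is visible to the analyst instead of hidden.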