CompTIA Security+ SY0-701 Practice Question
During the analysis phase of an incident, an analyst is tasked with determining the scope of a suspected breach on several servers. Which data source will MOST likely provide the comprehensive information required to assess the activities on the affected servers?
Vulnerability scans
Operating system-specific security logs
Firewall logs
Packet captures