SY0-701 - Security Operations - Section 4.9
Given a scenario, use data sources to support an investigation.
Use log data, firewall logs, packet captures, metadata, and vulnerability scan results to reconstruct an incident timeline and establish its scope. Select packet captures when full session content is needed, and metadata or firewall logs when only connection records are available or full capture is impractical.
log data, firewall logs, packet captures, metadata, vulnerability scans
Examworthy is not affiliated with or endorsed by CompTIA. Original, blueprint-aligned practice material only.