CompTIA Updated SY0-701 Exam Questions and Answers by macy

Since the logs on the endpoint were deleted, the next best option for the analyst is to examine firewall logs. Firewall logs can reveal external communication, including outbound traffic to a command-and-control (C2) server. These logs would contain information about the IP addresses, ports, and protocols used, which can help in identifying suspicious connections.

IPS logs may provide information about network intrusions, but firewall logs are better for tracking communication patterns.

ACL logs (Access Control List) are useful for tracking access permissions but not for identifying C2 communication.

Windows security logs would have been ideal if they had not been deleted

The best answer is A. Access lists.

To ensure that only authorized devices can enter or connect to an environment, the organization needs a control that explicitly allows approved devices and denies unapproved ones. Access lists are used to define which devices, systems, or addresses are permitted access.

This can include allowlists based on:

device identifiers

MAC addresses

IP addresses

approved system entries

predefined access control rules

Why the other options are incorrect:

B. Remote connectionThis is a method of connecting, not a control that determines which devices are authorized.

C. Screened subnetsA screened subnet helps separate public-facing systems from internal systems, but it does not directly ensure only authorized devices can enter.

D. Centralized proxyA proxy mediates traffic requests, but it is not the primary control for allowing only authorized devices into an environment.

From a Security+ perspective, restricting access to only approved devices is best aligned with allow/deny rules through access lists, so A is the strongest answer.

Detailed Explanation:Data sovereignty refers to the principle that data stored in another country remains subject to the originating country’s laws. This is a common concern in cloud computing. Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: " Data Sovereignty and Regulatory Compliance " ​​.