🔥 3-day streak
CompTIA SecurityX (CAS-005)29 / 120
Question 29 of 120
A cloud-hosted web application was compromised via an exploited API endpoint. During the enterprise incident response, the DFIR team discovers that CloudTrail management events are available but the S3 data-plane access logs and the application-tier logs were only retained for 7 days—well short of the estimated 6-week dwell time. Leadership demands a root-cause determination of the initial access vector. Which action MOST effectively enables the team to reconstruct the earliest attacker activity despite the retention gap?
Reviewed for accuracy · Report an issueNext question