CYBER.ORG: AP Cybersecurity – Lesson 4.9.1 – Logs

Objective:

  • Students will be able to analyze how logs can be used to support an investigation.

Standards:

CompTIA Security+ SY0-701 Objective:

4.9 – Given a scenario, use data sources to support an investigation

  • Log data
    • Firewall logs
    • Application logs
    • Endpoint logs
    • OS-specific security logs
    • IPS/IDS logs
    • Network logs
    • Metadata
  • Data sources
    • Vulnerability scans
    • Automated reports
    • Dashboards
    • Packet captures

Guiding Question:

How can logs be used to support an investigation?

Resources:

  • Lesson 4.8.1 – Incident Response.pptx Presentation available on Google Classroom

Assignment:

  1. Read the Lesson 4.9.1 – Logs.pptx presentation in today’s class.
  2. Complete the Unit 3 – Logs Check for Understanding activity using the materials provided in Google Classroom.
  3. Complete the Lab – Metadata.pptx Activity in class using the materials provided in Google Classroom.
  4. To confirm completion of the lab activity, upload a screenshot showing the metadata displayed when using exiftool on the target image file to today’s Google Classroom post.

Assigned: January 13th, 2026
Teacher Pacing Due Date: January 14th, 2026