A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would
the administrator check?

A.
Firewall

B.
Application

C.
IDS

D.
Security

Explanation:
The security log records events such as valid and invalid logon attempts, as well as events related to resource use, such as the creating, opening, or deleting of
files. For example, when logon auditing is enabled, an event is recorded in the security log each time a user attempts to log on to the computer. You must be
logged on as Administrator or as a member of the Administrators group in order to turn on, use, and specify which events are recorded in the security log.
Incorrect Answers:
A: A firewall is a hardware device or a software application designed to restrict what data traffic can enter or leave the network. A firewall log logs which traffic has
been allowed through the firewall and which traffic it has blocked. It does not record attempted logon events. Therefore, this answer is incorrect.
B: The Application log contains events logged by applications or programs. For example, a database program might record a file error in the application log.
Program developers decide which events to log. It does not record attempted logon events. Therefore, this answer is incorrect.
C: An IDS (Intrusion Detection System) is used to detect attempts to access computer systems on a network. The IDS log will log intrusion attempts to access the
systems. It does not record attempted logon events specifically as a security event log does. Therefore, this answer is incorrect.

https://technet.microsoft.com/en-us/library/cc722404.aspx?f=255&MSPPError=-2147217396