A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

While wireless access point logs can indicate potential unauthorized access to the network, they often do not provide comprehensive details about the traffic that passes through the firewall. These logs might show when a device connected to the network, but they may lack the necessary context regarding the exploit itself.

Switch logs primarily track the data traffic and connectivity between devices on the local network. They do not usually record information about the nature of the traffic or whether it was malicious. Therefore, they are less useful for identifying the time of an exploit compared to firewall logs.

Network Access Control (NAC) logs focus on the authentication and authorization of devices attempting to access the network. While they can provide insight into whether the IoT device was authenticated or not, they do not specifically log exploit attempts or provide timestamps relevant to when an exploit occurred.