A security analyst was asked to join an outage call for a critical web application. The web middleware support team determined the web server is running and having no trouble processing requests; however, some investigation has revealed firewall denies to the web server that began around 1.00 a.m. that morning. An emergency change was made to enable the access, but management has asked for a root cause determination. Which of the following would be the BEST next step?
A. Install a packet analyzer near the web server to capture sample traffic to find anomalies.
B. Block all traffic to the web server with an ACL.
C. Use a port scanner to determine all listening ports on the web server.
D. Search the logging servers for any rule changes