To which of the following groups should the analyst report this real-world event?
The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator.
To which of the following groups should the analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The red team
Answer: C
Explanation:
The Computer Incident Response Team (CIRT) is responsible for handling incidents and ensuring that the incident response plan is followed.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 9