To which of the following groups should the analyst report this real-world event?

The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator.

To which of the following groups should the analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The red team

Answer: C

Explanation:

The Computer Incident Response Team (CIRT) is responsible for handling incidents and ensuring that the incident response plan is followed.

Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 9
