An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.
What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A . To have less raw data to analyze
B . To evaluate the data, including information from other systems
C . To access expanded historical data
D . To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E . To determine the best cleanup method
Answer: BE
Latest 250-441 Dumps Valid Version with 70 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund