A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains.
Which of the following actions is the BEST approach for the analyst to perform?
A. Use the IP addresses to search through the event logs.
B. Analyze the trends of the events while manually reviewing to see if any of the indicators match.
C. Create an advanced query that includes all of the indicators, and review any of the matches.
D. Scan for vulnerabilities with exploits known to have been used by an APT.
Answer: B
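The following is an added worked example, not part of the original question page. It shows what running an indicator list against SIEM events looks like in practice: every IP and domain indicator is checked against every event in one pass, and the hits are summarised per indicator for triage. The key=value log format, the field names (src, dst, query, host), the indicator values and the sample events are all constructed for the example; a real SIEM would expose the same logic as a saved search or lookup rather than a script.

```python
import ipaddress
from collections import Counter

# Constructed indicator lists (documentation/test ranges, not real APT infrastructure).
IP_INDICATORS = {"198.51.100.23", "203.0.113.77"}
DOMAIN_INDICATORS = {"update-check.example", "cdn.badactor.example"}

# Constructed SIEM events in an assumed key=value format; firewall and DNS lines mixed,
# as a real export would be. Event 5 deliberately contains an indicator only as a
# prefix of an unrelated name, which must NOT match.
SAMPLE_EVENTS = [
    "ts=2024-01-05T10:00:01Z host=ws01 src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow",
    "ts=2024-01-05T10:00:02Z host=ws01 src=10.0.0.5 dst=93.184.216.34 dport=443 action=allow",
    "ts=2024-01-05T10:01:10Z host=ws07 query=www.cdn.badactor.example type=A",
    "ts=2024-01-05T10:01:11Z host=ws07 query=example.com type=A",
    "ts=2024-01-05T10:02:00Z host=srv03 src=203.0.113.77 dst=10.0.0.20 dport=3389 action=deny",
    "ts=2024-01-05T10:02:30Z host=ws01 query=update-check.example.evil type=A",
]

# Which event fields carry addresses and which carry host names (assumed schema).
IP_FIELDS = ("src", "dst")
DOMAIN_FIELDS = ("query",)


def parse_event(line):
    """Split one key=value log line into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def normalise_ips(indicators):
    """Validate IP indicators and canonicalise them so string comparison is exact."""
    out = set()
    for raw in indicators:
        try:
            out.add(str(ipaddress.ip_address(raw.strip())))
        except ValueError:
            # A malformed entry in a shared indicator list is common; skip it rather
            # than let it silently poison the whole query.
            continue
    return out


def match_domain(name, indicators):
    """Return the indicator that `name` equals or is a subdomain of, else None.

    Matching on label boundaries avoids false positives such as
    'update-check.example.evil' hitting 'update-check.example'.
    """
    name = name.lower().rstrip(".")
    for ind in indicators:
        ind = ind.lower().rstrip(".")
        if name == ind or name.endswith("." + ind):
            return ind
    return None


def scan_events(events, ip_indicators, domain_indicators):
    """Check every indicator against every event in a single pass; return the hits."""
    ips = normalise_ips(ip_indicators)
    hits = []
    for idx, line in enumerate(events):
        ev = parse_event(line)
        for field in IP_FIELDS:
            value = ev.get(field)
            if value and value in ips:
                hits.append({"event": idx, "field": field, "indicator": value, "host": ev.get("host")})
        for field in DOMAIN_FIELDS:
            value = ev.get(field)
            if value:
                ind = match_domain(value, domain_indicators)
                if ind:
                    hits.append({"event": idx, "field": field, "indicator": ind, "host": ev.get("host")})
    return hits


def summarise(hits):
    """Count hits per indicator so the analyst can start with the noisiest one."""
    return Counter(h["indicator"] for h in hits)


if __name__ == "__main__":
    found = scan_events(SAMPLE_EVENTS, IP_INDICATORS, DOMAIN_INDICATORS)
    for h in found:
        print(f"event {h['event']:>3}  host={h['host']:<6} {h['field']}={h['indicator']}")
    print("per-indicator:", dict(summarise(found)))
```

With the constructed input this reports three hits (events 0, 2 and 4) and none for event 5, which is the point of matching domains on label boundaries rather than with a plain substring search. The same structure maps directly onto a SIEM lookup: the indicator sets become a lookup table, and `scan_events` becomes one query joined against it.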