A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains.

Which of the following actions is the BEST approach for the analyst to perform?
A. Use the IP addresses to search through the event logs.
B. Analyze the trends of the events while manually reviewing to see if any of the indicators match.
C. Create an advanced query that includes all of the indicators, and review any of the matches.
D. Scan for vulnerabilities with exploits known to have been used by an APT.

Answer: B
