An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint.
Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
A. Patching logs
B. Threat feed
C. Backup logs
D. Change requests
E. Data classification matrix
Answer: D