Exam4Training

Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint.

Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
A . Patching logs
B. Threat feed
C. Backup logs
D. Change requests
E. Data classification matrix

Answer: D

Latest CS0-002 Dumps Valid Version with 220 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version