An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identif
Posted: Sat Jul 23, 2022 7:39 pm
An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
A. Patching logs
B. Threat feed
C. Backup logs
D. Change requests Most Voted
E. Data classification matrix
A. Patching logs
B. Threat feed
C. Backup logs
D. Change requests Most Voted
E. Data classification matrix