Multiple Choice
An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and had their accounts blocked or their credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?
A) Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
B) Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
C) Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
D) Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts
Correct Answer:

Verified