Multiple Choice
An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?
A) Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
B) Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
C) Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
D) Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.
Correct Answer:

Verified