Multiple Choice
Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?
A) Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation
B) Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
C) Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality
D) Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine
Correct Answer:

Verified