A security team is working to maintain operational visibility during a security incident involving potential indicators of compromise on a critical system. To effectively respond to the situation, what should be the primary focus of the team's investigation?

  1. System log inconsistencies
  2. Unauthorized scheduled tasks
  3. Reviewing suspicious email attachments
  4. Monitoring and analyzing anomalous activity

Solution


The correct answer is option 4: Monitoring and analyzing anomalous activity.

Explanation for each option:

  1. System log inconsistencies: Gaps, cleared logs and timestamp mismatches are themselves indicators of compromise (often of anti-forensic activity) and should be examined, but they are symptoms that tell the team when and where something happened. On their own they do not reveal the root cause or whether the intrusion is still in progress, so they are one indicator class to check, not the organizing principle of the investigation.

  2. Unauthorized scheduled tasks: This is a specific persistence indicator (MITRE ATT&CK T1053, Scheduled Task/Job) and belongs on the checklist, but an investigation built around it alone would miss an attacker who persists some other way or has not yet reached that stage. It should be considered, not made the primary focus.

  3. Reviewing suspicious email attachments: This matters only if phishing is suspected as the initial access vector. The scenario gives no such indication, and a single-vector focus says nothing about what the attacker is doing on the critical system now.

  4. Monitoring and analyzing anomalous activity: This should be the primary focus because it is the approach that keeps operational visibility while the team still knows only that there are potential indicators, not the vector or the scope. Comparing current logon, process, persistence, network and log-integrity activity against the system's established baseline surfaces unusual patterns, behaviors and changes wherever they appear, including the specific indicators named in options 1 to 3. That broader view is what lets the team scope the compromise, identify the root cause and confirm whether the activity is ongoing.

In summary, monitoring and analyzing anomalous activity provides the holistic view of the incident that the narrower options cannot, enabling the security team to respond effectively and mitigate the threat.
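As an added illustration (example code written for this page, not part of the original solution or of any vendor tool), the following baseline-versus-deviation pass runs over constructed host telemetry. The host name, event records, event types and indicator classes are all assumptions made for the example. It shows concretely why option 4 subsumes the others: a cleared log (option 1), a newly created scheduled task (option 2) and an unfamiliar process launched after an off-hours logon all surface from one anomaly pass rather than from three separate hunts.

```python
"""Baseline-versus-anomaly triage over constructed host telemetry.

Every record is a (timestamp, host, event_type, actor, detail) tuple. BASELINE
stands in for activity observed on the host before the incident; INCIDENT is
the window under investigation. Both lists are constructed sample data, not
real telemetry; the host and task names are assumptions for this example.
"""
from collections import Counter, defaultdict
from datetime import datetime

BASELINE = [
    ("2024-05-01T09:02:11", "srv-db01", "process_start", "svc_backup", "sqlservr.exe"),
    ("2024-05-01T09:05:40", "srv-db01", "logon", "dba_alice", "interactive"),
    ("2024-05-01T13:15:02", "srv-db01", "process_start", "dba_alice", "ssms.exe"),
    ("2024-05-01T22:00:00", "srv-db01", "task_run", "SYSTEM", "NightlyBackup"),
    ("2024-05-02T09:01:55", "srv-db01", "process_start", "svc_backup", "sqlservr.exe"),
    ("2024-05-02T10:30:12", "srv-db01", "logon", "dba_alice", "interactive"),
    ("2024-05-02T22:00:00", "srv-db01", "task_run", "SYSTEM", "NightlyBackup"),
]

INCIDENT = [
    ("2024-05-10T03:14:09", "srv-db01", "logon", "dba_alice", "interactive"),
    ("2024-05-10T03:15:30", "srv-db01", "task_created", "dba_alice", "WindowsUpdateChk"),
    ("2024-05-10T03:16:02", "srv-db01", "process_start", "dba_alice", "powershell.exe"),
    ("2024-05-10T03:20:45", "srv-db01", "log_cleared", "dba_alice", "Security"),
    ("2024-05-10T09:03:20", "srv-db01", "process_start", "svc_backup", "sqlservr.exe"),
    ("2024-05-10T22:00:00", "srv-db01", "task_run", "SYSTEM", "NightlyBackup"),
]


def build_baseline(events):
    """Per-host profile of what normal looked like: the processes seen, the
    hours at which interactive logons occurred, and the scheduled tasks known."""
    profile = defaultdict(lambda: {"processes": set(), "logon_hours": set(), "tasks": set()})
    for ts, host, etype, _actor, detail in events:
        p = profile[host]
        if etype == "process_start":
            p["processes"].add(detail)
        elif etype == "logon":
            p["logon_hours"].add(datetime.fromisoformat(ts).hour)
        elif etype in ("task_run", "task_created"):
            p["tasks"].add(detail)
    return profile


def find_anomalies(events, baseline):
    """Return one finding per event that deviates from its host's baseline.
    Each finding carries an indicator class, so log tampering, new persistence
    and unexpected executions all surface from the same pass."""
    findings = []
    for ts, host, etype, actor, detail in events:
        p = baseline.get(host)  # .get does not create a profile for unknown hosts
        if p is None:
            findings.append({"ts": ts, "host": host, "class": "unknown_host", "detail": etype})
            continue
        if etype == "process_start" and detail not in p["processes"]:
            findings.append({"ts": ts, "host": host, "class": "new_process",
                             "detail": f"{actor} started {detail}"})
        elif etype == "logon":
            hour = datetime.fromisoformat(ts).hour
            hours = p["logon_hours"]
            # Treat the span between the earliest and latest baseline logon hour as working hours.
            if hours and not (min(hours) <= hour <= max(hours)):
                findings.append({"ts": ts, "host": host, "class": "off_hours_logon",
                                 "detail": f"{actor} logged on during hour {hour:02d}"})
        elif etype == "task_created" or (etype == "task_run" and detail not in p["tasks"]):
            findings.append({"ts": ts, "host": host, "class": "unexpected_scheduled_task",
                             "detail": f"{actor}: {detail}"})
        elif etype == "log_cleared":
            # Analogous to Windows Security event 1102 (audit log cleared).
            findings.append({"ts": ts, "host": host, "class": "log_integrity",
                             "detail": f"{actor} cleared the {detail} log"})
    return findings


def indicator_summary(findings):
    """Count findings by indicator class: the responder's first triage view."""
    return Counter(f["class"] for f in findings)


if __name__ == "__main__":
    hits = find_anomalies(INCIDENT, build_baseline(BASELINE))
    for f in hits:
        print(f["ts"], f["host"], f["class"], "-", f["detail"])
    print(indicator_summary(hits))
```

Running the block prints four findings for the incident window and none for the baseline itself. The design point is that each narrower option in the question becomes one indicator class inside the same anomaly pass, so the team keeps a single picture of the host instead of three disconnected checks.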
