05/11/2022 1:28 am
An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint.
Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
- A. Patching logs
- B. Threat feed
- C. Backup logs
- D. Change requests
- E. Data classification matrix
Suggested Answer: D