A Security Operations Center (SOC) manager notices a significant increase in unclassified events on the incident handler's Security Event and Incident Management (SIEM) dashboard. At the same time, someone or something raises the number of incidents. The manager investigates these incidents further to ensure efficient and timely incident response. Which combination of data sources would provide the MOST comprehensive view to support the manager's investigation?
A. Firewall logs, network traffic captured by sensors, and log files generated by operating system (OS) components of server host computers
B. OS-specific security logs, log files generated by applications and services running on hosts, and automated reports from the SIEM tool
C. Endpoint logs, automated reports from the SIEM tool, and metadata from end-user system activities and summarized report incidences
D. Application and end-user system activities in log files from network-based vulnerability scanners, application logs, and endpoint logs

1 Answer
Final answer:

Combination A, including firewall logs, network traffic captured by sensors, and log files generated by the operating system (OS) components of server host computers, would provide the most comprehensive view to support the manager's investigation.


Step-by-step explanation:

The MOST comprehensive view to support the manager's investigation would be provided by combination A, which includes firewall logs, network traffic captured by sensors, and log files generated by the operating system (OS) components of server host computers.

Firewall logs can provide information about incoming and outgoing network connections, while network traffic captured by sensors can detect and analyze network activity. Log files generated by the OS components of server host computers can provide information about system-level events and user activities.

By combining these three data sources, the SOC manager can have a comprehensive view of network activity, system events, and user activities, which will help in investigating the increase in unclassified events and incidents.


Answered by Scott Lawrence
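To make the answer's point concrete, here is an added example (not part of the original question or answer) that pivots the three data sources named in option A on a common key, the source IP, and builds one merged timeline per host. The log formats are constructed for illustration and are assumptions of this example: a generic key=value firewall line, a Zeek-style conn record (tab separated: ts, id.orig_h, id.resp_h, id.resp_p, orig_bytes, resp_bytes), and a Linux sshd line as written to /var/log/auth.log. The IP addresses are documentation ranges and the byte threshold is arbitrary. The triage rule at the end is the reason the combination matters: a firewall ALLOW, a successful root login and a large server-to-client transfer are each unremarkable in their own log, but together on one flow they are worth an incident.

```python
"""Correlating firewall, network-sensor and host OS logs by source IP.

Added example (not part of the original question or answer). Log
formats, hosts and byte threshold are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# --- constructed sample input (not real traffic) ---------------------------
FIREWALL_LOG = """\
2024-05-01T10:00:01Z action=ALLOW src=203.0.113.45 dst=10.0.0.5 dport=22 proto=tcp
2024-05-01T10:00:03Z action=DENY src=198.51.100.7 dst=10.0.0.5 dport=3389 proto=tcp
2024-05-01T10:02:10Z action=ALLOW src=203.0.113.45 dst=10.0.0.5 dport=22 proto=tcp
"""
# Zeek-style conn.log subset: ts, id.orig_h, id.resp_h, id.resp_p, orig_bytes, resp_bytes
SENSOR_LOG = """\
1714557601.1\t203.0.113.45\t10.0.0.5\t22\t1200\t52000000
1714557700.4\t192.0.2.9\t10.0.0.5\t443\t300\t4000
"""
OS_AUTH_LOG = """\
May  1 10:00:02 web01 sshd[1187]: Failed password for root from 203.0.113.45 port 51022 ssh2
May  1 10:00:09 web01 sshd[1187]: Accepted password for root from 203.0.113.45 port 51022 ssh2
May  1 10:05:00 web01 sshd[1202]: Accepted publickey for deploy from 192.0.2.9 port 40012 ssh2
"""

FW_RE = re.compile(r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
OS_RE = re.compile(r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)")
ISO = "%Y-%m-%dT%H:%M:%SZ"


def parse_firewall(text):
    """Firewall: which external hosts were allowed or denied to reach which port."""
    out = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            out.append({"source": "firewall", "ts": m["ts"], "src": m["src"],
                        "detail": f"{m['action']} -> {m['dst']}:{m['dport']}"})
    return out


def parse_sensor(text):
    """Sensor: what the connection actually carried (bytes per direction)."""
    out = []
    for line in text.splitlines():
        ts, orig_h, resp_h, resp_p, _orig_b, resp_b = line.split("\t")
        iso = datetime.fromtimestamp(float(ts), tz=timezone.utc).strftime(ISO)
        out.append({"source": "sensor", "ts": iso, "src": orig_h, "resp_bytes": int(resp_b),
                    "detail": f"conn -> {resp_h}:{resp_p} resp_bytes={resp_b}"})
    return out


def parse_os(text, year=2024):
    """Host OS: who authenticated, as whom, and whether it succeeded.
    syslog lines carry no year, so the caller supplies it (assumed 2024 here)."""
    out = []
    for line in text.splitlines():
        m = OS_RE.search(line)
        if not m:
            continue
        stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        out.append({"source": "host", "ts": stamp.strftime(ISO), "src": m["src"],
                    "login_ok": m["result"] == "Accepted",
                    "detail": f"{m['result']} {m['method']} for {m['user']}"})
    return out


def correlate(fw_text, sensor_text, os_text):
    """Pivot every event on its source IP so one key joins all three sources."""
    view = defaultdict(lambda: {"firewall": [], "sensor": [], "host": []})
    for ev in parse_firewall(fw_text) + parse_sensor(sensor_text) + parse_os(os_text):
        view[ev["src"]][ev["source"]].append(ev)
    return dict(view)


def timeline(view, ip):
    """Merged, time-ordered story for one IP across all three sources."""
    evs = view[ip]["firewall"] + view[ip]["sensor"] + view[ip]["host"]
    return [f"{e['ts']} [{e['source']}] {e['detail']}" for e in sorted(evs, key=lambda e: e["ts"])]


def fully_covered(view):
    """IPs seen by firewall, sensor and host: the only ones with a complete picture."""
    return sorted(ip for ip, s in view.items() if s["firewall"] and s["sensor"] and s["host"])


def flag_exfil_after_login(view, min_resp_bytes=10_000_000):
    """Triage rule that needs all three sources: an allowed connection (firewall),
    a successful login on the host (OS log) and a large server-to-client transfer
    from the same source (sensor). No single source shows all three facts."""
    hits = []
    for ip, s in view.items():
        allowed = any("ALLOW" in e["detail"] for e in s["firewall"])
        logged_in = any(e["login_ok"] for e in s["host"])
        big = any(e["resp_bytes"] >= min_resp_bytes for e in s["sensor"])
        if allowed and logged_in and big:
            hits.append(ip)
    return sorted(hits)


if __name__ == "__main__":
    v = correlate(FIREWALL_LOG, SENSOR_LOG, OS_AUTH_LOG)
    for ip in fully_covered(v):
        print(ip)
        for line in timeline(v, ip):
            print("  ", line)
    print("flagged:", flag_exfil_after_login(v))
```

Run stand-alone, the script prints the merged timeline for 203.0.113.45 (allowed on the firewall, a failed then accepted root password on the host, and roughly 52 MB returned to the client on the sensor) and flags that IP; 198.51.100.7 appears only in the firewall log and 192.0.2.9 never crosses the firewall, so neither has a complete view and neither is flagged. In a real SIEM the join key would be normalised across sources (IP plus port plus a time window rather than bare IP), and the year for syslog lines would come from the collector rather than a parameter.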