An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?
A) Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
B) Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
C) Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
D) Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

Question

Quizplus · Accepted Answer

The Answer of An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?
A) Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
B) Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
C) Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
D) Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

An Engineer Notices That Every Sunday Night, There Is a Two-Hour