A SIEM can be effectively used to identify active threats from internal systems by monitoring/correlating events that occur
A) when no one is logged in; for example, after hours or on weekends.
B) across an unusual range of ports or destinations; for example, all high ports.
C) irregularly; for example, only on Fridays, or only at end-of-quarter.
D) in accordance with expected systems use.
Correct Answer:
Verified