An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
A) Patching logs
B) Threat feed
C) Backup logs
D) Change requests
E) Data classification matrix