A penetration tester was able to connect to a company's internal network and perform scans and staged attacks for the duration of the testing period without being noticed. The SIEM did not alert the security team to the presence of the penetration tester's devices on the network. Which of the following would provide the security team with notification in a timely manner?
A) Implement rogue system detection and sensors
B) Create a trigger on the IPS and alert the security team when unsuccessful logins occur
C) Decrease the correlation threshold for alerts on the SIEM
D) Run a credentialed vulnerability scan
Correct Answer:
Verified
Q611: When an initialization vector is added to
Q612: Given the following output: Q613: Penetration testing is distinct from vulnerability scanning Q614: A developer has just finished coding a Q615: An organization prefers to apply account permissions Q617: A security team received reports of increased Q618: An organization requires three separate factors for Q619: Which of the following is MOST likely Q620: An auditor requiring an organization to perform Q621: A security analyst performs a vulnerability scan
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents