Exam SY0-601 topic 1 question 531 discussion

Actual exam question from CompTIA's SY0-601
Question #: 531
Topic #: 1

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will best assist with this investigation?

  • A. Perform a vulnerability scan to identify the weak spots.
  • B. Use a packet analyzer to investigate the NetFlow traffic.
  • C. Check the SIEM to review the correlated logs.
  • D. Require access to the routers to view current sessions.
Suggested Answer: C

Comments

ApplebeesWaiter1122
Highly Voted 1 year, 11 months ago
Selected Answer: C
A SIEM (Security Information and Event Management) system collects and aggregates logs from various sources across an enterprise's network and IT infrastructure. It can correlate and analyze these logs to identify security incidents and provide a comprehensive view of activities across the network. In the case of a data breach investigation, the SIEM can be a valuable tool to review the logs generated during the attack and trace the attacker's activities from the perimeter network to the sensitive information.
upvoted 7 times
cyberPunk28
Most Recent 1 year, 6 months ago
Selected Answer: C
C. Check the SIEM to review the correlated logs.
upvoted 1 times
sujon_london
1 year, 9 months ago
Selected Answer: C
The breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. The SIEM will be able to correlate these logs and identify the path that the attacker took. This information will be essential for the investigator to track down the attacker and identify the source of the breach.
upvoted 3 times