
Exam SY0-601 topic 1 question 562 discussion

Actual exam question from CompTIA's SY0-601
Question #: 562
Topic #: 1

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

  • A. A vulnerability scanner
  • B. A NGFW
  • C. The Windows Event Viewer
  • D. A SIEM
Suggested Answer: D

Comments

ApplebeesWaiter1122
Highly Voted 1 year, 11 months ago
Selected Answer: D
A SIEM is a centralized logging and monitoring solution that collects, analyzes, and correlates log data from various sources within an organization's network and security infrastructure. It helps security analysts to gain visibility into security events and incidents by aggregating and correlating logs from multiple systems and devices. In the scenario described, the EDR system and firewall are both generating logs that provide valuable information about the incident. By using a SIEM, the analyst can collect and correlate the logs from these different sources to get a comprehensive view of the incident. The SIEM will help the analyst identify patterns, anomalies, and potential indicators of compromise that may not be immediately apparent when reviewing individual logs in isolation.
upvoted 9 times
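The correlation the comment above describes, worked through in code as an added example (this is not code from the page, from CompTIA, or from any SIEM or EDR vendor): EDR process-level network events and firewall connection records are joined on source host, destination and a time window, the joined records are scored for the pattern in the question (TLS to a random high port), and the hits are aggregated across hosts so the common process and destination stand out. The log lines are constructed for the example, and the field names, the 30-second join window and the port threshold are assumptions, not any product's schema.

```python
"""SIEM-style correlation of EDR and firewall events over constructed sample logs.
Added example; field names, sample data and thresholds are assumptions."""
from collections import Counter
from datetime import datetime

# Destination ports where TLS is expected; TLS to any other high port is treated
# as the "encrypted outbound on a random high port" pattern from the question.
WELL_KNOWN_TLS_PORTS = {443, 8443}

# Constructed EDR telemetry (assumed schema): one record per outbound connection,
# attributed to the process that opened it. Destination IPs are RFC 5737 test ranges.
EDR_EVENTS = [
    {"ts": "2024-05-01T10:00:05", "host": "WS01", "host_ip": "10.0.1.11", "process": "svchost.exe",
     "pid": 812, "dst_ip": "198.51.100.7", "dst_port": 443, "tls": True},
    {"ts": "2024-05-01T10:00:09", "host": "WS01", "host_ip": "10.0.1.11", "process": "updater.exe",
     "pid": 4120, "dst_ip": "203.0.113.9", "dst_port": 49152, "tls": True},
    {"ts": "2024-05-01T10:00:12", "host": "WS02", "host_ip": "10.0.1.12", "process": "chrome.exe",
     "pid": 2290, "dst_ip": "192.0.2.20", "dst_port": 443, "tls": True},
    {"ts": "2024-05-01T10:00:14", "host": "WS02", "host_ip": "10.0.1.12", "process": "updater.exe",
     "pid": 3377, "dst_ip": "203.0.113.9", "dst_port": 52010, "tls": True},
    {"ts": "2024-05-01T10:00:20", "host": "WS03", "host_ip": "10.0.1.13", "process": "updater.exe",
     "pid": 5010, "dst_ip": "203.0.113.9", "dst_port": 60321, "tls": True},
    {"ts": "2024-05-01T10:00:25", "host": "WS03", "host_ip": "10.0.1.13", "process": "outlook.exe",
     "pid": 1900, "dst_ip": "192.0.2.20", "dst_port": 443, "tls": True},
]

# Constructed firewall log (assumed schema): the firewall sees only 5-tuples, no process.
# Timestamps lag the EDR by a few seconds, as they would from a perimeter device.
FW_EVENTS = [
    {"ts": "2024-05-01T10:00:07", "src_ip": "10.0.1.11", "dst_ip": "198.51.100.7", "dst_port": 443, "action": "allow"},
    {"ts": "2024-05-01T10:00:11", "src_ip": "10.0.1.11", "dst_ip": "203.0.113.9", "dst_port": 49152, "action": "allow"},
    {"ts": "2024-05-01T10:00:13", "src_ip": "10.0.1.12", "dst_ip": "192.0.2.20", "dst_port": 443, "action": "allow"},
    {"ts": "2024-05-01T10:00:16", "src_ip": "10.0.1.12", "dst_ip": "203.0.113.9", "dst_port": 52010, "action": "allow"},
    {"ts": "2024-05-01T10:00:22", "src_ip": "10.0.1.13", "dst_ip": "203.0.113.9", "dst_port": 60321, "action": "allow"},
    {"ts": "2024-05-01T10:00:27", "src_ip": "10.0.1.13", "dst_ip": "192.0.2.20", "dst_port": 443, "action": "allow"},
    # A connection the firewall saw but the EDR did not report: stays unattributed.
    {"ts": "2024-05-01T10:00:30", "src_ip": "10.0.1.12", "dst_ip": "203.0.113.9", "dst_port": 55555, "action": "allow"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def correlate(edr_events, fw_events, window_s=30):
    """Left-join firewall records to EDR events on (source host IP, dst IP, dst port)
    within window_s seconds. Unmatched firewall records keep edr=None so the
    analyst can see traffic the endpoint agent did not attribute to a process."""
    merged = []
    for fw in fw_events:
        fw_ts = parse_ts(fw["ts"])
        match = None
        for e in edr_events:
            same_tuple = (e["host_ip"], e["dst_ip"], e["dst_port"]) == (fw["src_ip"], fw["dst_ip"], fw["dst_port"])
            if same_tuple and abs((parse_ts(e["ts"]) - fw_ts).total_seconds()) <= window_s:
                match = e
                break
        merged.append({"fw": fw, "edr": match})
    return merged


def is_suspicious(rec):
    """The pattern from the question: an encrypted session to a random high port.
    Requires the EDR side, since only it knows the connection was TLS."""
    e = rec["edr"]
    if e is None:
        return False
    return e["tls"] and e["dst_port"] >= 1024 and e["dst_port"] not in WELL_KNOWN_TLS_PORTS


def summarize(merged):
    """Aggregate hits across hosts so the shared process and destination surface."""
    hits = [r for r in merged if is_suspicious(r)]
    return {
        "hosts": sorted({r["edr"]["host"] for r in hits}),
        "processes": Counter(r["edr"]["process"] for r in hits),
        "destinations": Counter(r["fw"]["dst_ip"] for r in hits),
        "unattributed": [r["fw"] for r in merged if r["edr"] is None],
    }


if __name__ == "__main__":
    summary = summarize(correlate(EDR_EVENTS, FW_EVENTS))
    print("affected hosts:", summary["hosts"])
    print("processes behind the traffic:", summary["processes"].most_common())
    print("destinations:", summary["destinations"].most_common())
    print("firewall records with no EDR attribution:", len(summary["unattributed"]))
```

Neither log alone answers the question: the firewall cannot name the process and the EDR cannot confirm the traffic crossed the perimeter. Joined, the three hosts collapse to one process and one destination, which is the pivot the analyst takes next. The unattributed firewall record is kept on purpose; a gap in endpoint coverage during an incident is itself a finding.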
ps1hacker
Highly Voted 1 year, 2 months ago
Selected Answer: D
Basically if you see the word 'Correlated' in the question, the answer is SIEM.
upvoted 5 times
MortG7
Most Recent 1 year, 5 months ago
CompTIA seems to be fixated on SIEM. Answer is D
upvoted 3 times
touisuzuki
1 year, 9 months ago
Selected Answer: D
Correlated = SIEM
upvoted 4 times
jade33
1 year, 10 months ago
The best tool to assist the analyst is a SIEM (Security Information and Event Management). A SIEM is a security solution that provides real-time analysis of security alerts generated by network hardware and applications. It can help the analyst correlate logs from multiple sources and identify the source of the incident.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other