An analyst is becoming overwhelmed with the number of events that need to be investigated for a timeline. Which of the following should the analyst focus on in order to move the incident forward?
The impact of each event will help prioritize which events need immediate attention based on how much damage they can cause or are causing to the organization. Prioritizing events by their impact allows the analyst to address the most critical issues first and then work down the list to less impactful ones. This approach helps in efficiently utilizing resources and time, and in moving the incident response process forward in a structured manner.
Let's say you have 10 incidents to analyze, 9 of them are with Impact Medium and 1 is High. All of them were detected an hour ago so you are already behind your SLA for detection. You have to prioritize, so you focus on the incident with Impact High.
I am going to go with C. Had some trouble picking an answer between A and C.
Definition from CompTIA CertMaster:
Mean time to detect - A metric that measures the average time between the initial appearance of a security incident and its detection. It is an essential metric in security incident management as it can help organizations understand potential gaps in their response processes.
If the analyst can reduce the MTTD, it will be a faster process to move the incident forward, which will reduce the number of events the analyst has.
Impact would assess the event and will be able to prioritize them but the analyst is concerned with the number of events. Impact analysis will not help the analyst to reduce the number of events to investigate, it will just forward them with orders in priority.
But, if you're overwhelmed by tickets surely acting on the tickets that have the most impact is more worthwhile? Ideally, you would reduce MTTD but I think given the question states the analyst is overwhelmed that you should prioritise the high impact tickets.
Kmelaun (5 months, 3 weeks ago)
section8santa (7 months ago)
voydd (9 months ago)
RobV (9 months, 3 weeks ago)
mightybluepen (9 months, 4 weeks ago)
stolleryp (9 months, 3 weeks ago)
Rezaee (10 months ago)