A security analyst wants to use lessons learned from a prior incident response to reduce dwell time in the future. The analyst is using the following data points: Which of the following would the analyst most likely recommend?
A.
Adjusting the SIEM to alert on attempts to visit phishing sites
B.
Allowing TRACE method traffic to enable better log correlation
C.
Enabling alerting on all suspicious administrator behavior
D.
Utilizing allow lists on the WAF for all users using GET methods
Currently there are no comments in this discussion, be the first to comment!
This section is not available anymore. Please use the main Exam Page.CA1-005 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Comments