Exam CS0-001 topic 1 question 145 discussion

Actual exam question from CompTIA's CS0-001

Question #: 145
Topic #: 1

A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing events. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?

A. The analyst is red team. The employee is blue team. The manager is white team.
B. The analyst is white team. The employee is red team. The manager is blue team.
C. The analyst is red team. The employee is white team. The manager is blue team.
D. The analyst is blue team. The employee is red team. The manager is white team.

Show Suggested Answer

Suggested Answer: D 🗳️
Reference:
https://danielmiessler.com/study/red-blue-purple-teams/

by Jeend at Jan. 6, 2023, 9:10 p.m.

Comments

Submit Cancel

Jeend

2 years, 4 months ago

employee is generating many alerts and warnings Attacker red Security analyst blue defender Secur

upvoted 1 times

...

Exam CS0-001 All Questions

View all questions & answers for the CS0-001 exam

Exam CS0-001 topic 1 question 145 discussion

Comments

Jeend

SY0-701