Practice Question
Your Security Information and Event Management (SIEM) system has generated numerous alerts indicating suspicious network activity. You need to determine the severity and scope of the potential incident. Which of the following actions should you take FIRST?
a) Immediately block all network traffic to prevent any further damage.
b) Conduct an incident response triage to analyze the alerts, correlate events, and determine the potential impact.
c) Notify law enforcement and regulatory authorities about the potential incident.
d) Begin restoring systems from backups to minimize downtime.
Fouad Ahmed
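The triage step described in option (b), shown as an added example that is not part of the original post or of the study group's material: a small Python script that correlates SIEM alerts by source host and time window, reads each cluster as a possible attack chain, and scores it by worst severity, criticality of the targeted asset, number of distinct detection stages and number of hosts touched. The alert fields, the asset criticality table, the 15-minute window and the scoring weights are all assumptions, and the alerts are constructed, not taken from any real SIEM.

```python
"""Alert triage over constructed SIEM alerts: correlate by source host and
time window, then rank the clusters by likely impact. Added example; the
alert schema, asset list and scoring weights are assumptions, not any
product's format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not from a real SIEM). One alert per dict.
SAMPLE_ALERTS = [
    {"ts": "2024-03-01T10:00:05", "rule": "port_scan",            "src": "10.0.5.23", "dst": "10.0.1.10", "severity": 2},
    {"ts": "2024-03-01T10:03:40", "rule": "ssh_brute_force",      "src": "10.0.5.23", "dst": "10.0.1.10", "severity": 3},
    {"ts": "2024-03-01T10:09:12", "rule": "smb_lateral_movement", "src": "10.0.5.23", "dst": "10.0.1.11", "severity": 4},
    {"ts": "2024-03-01T10:05:00", "rule": "dns_tunnel_suspected", "src": "10.0.7.4",  "dst": "10.0.1.50", "severity": 3},
    {"ts": "2024-03-01T14:30:00", "rule": "port_scan",            "src": "10.0.5.23", "dst": "10.0.1.10", "severity": 2},
    {"ts": "2024-03-01T10:01:00", "rule": "port_scan",            "src": "10.0.9.9",  "dst": "10.0.1.10", "severity": 1},
]

# Assumed asset inventory: criticality 1 (low) .. 3 (crown jewel). Unknown hosts default to 1.
ASSET_CRITICALITY = {"10.0.1.10": 3, "10.0.1.11": 2}


def _ts(alert):
    return datetime.fromisoformat(alert["ts"])


def summarize(src, cluster):
    """Turn one cluster of related alerts (already in time order) into an incident summary."""
    stages = list(dict.fromkeys(a["rule"] for a in cluster))  # distinct rules, time order kept
    hosts = sorted({a["dst"] for a in cluster})
    max_sev = max(a["severity"] for a in cluster)
    crit = max(ASSET_CRITICALITY.get(h, 1) for h in hosts)
    # Score: worst severity weighted by the most critical target, plus 2 per extra
    # distinct detection stage (chain progression) and 1 per extra host touched (scope).
    score = max_sev * crit + 2 * (len(stages) - 1) + (len(hosts) - 1)
    verdict = "high" if score >= 10 else "medium" if score >= 5 else "low"
    return {"src": src, "hosts": hosts, "stages": stages,
            "first_seen": cluster[0]["ts"], "last_seen": cluster[-1]["ts"],
            "score": score, "verdict": verdict}


def triage(alerts=SAMPLE_ALERTS, window=timedelta(minutes=15)):
    """Group alerts by source, split each source's timeline into clusters whose
    consecutive alerts are at most `window` apart, and rank the incidents."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    incidents = []
    for src, items in by_src.items():
        items.sort(key=_ts)
        cluster = [items[0]]
        for a in items[1:]:
            if _ts(a) - _ts(cluster[-1]) <= window:
                cluster.append(a)
            else:
                incidents.append(summarize(src, cluster))
                cluster = [a]
        incidents.append(summarize(src, cluster))
    # Highest score first; Python's sort is stable, so ties keep discovery order.
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in triage():
        print(f'{inc["verdict"]:6} score={inc["score"]:2} src={inc["src"]:10} '
              f'hosts={",".join(inc["hosts"])} chain={" -> ".join(inc["stages"])} '
              f'({inc["first_seen"]} .. {inc["last_seen"]})')
```

Run as-is and the 10.0.5.23 scan, brute force and SMB movement against the two most critical hosts come out on top as one high-priority incident, while the same source's isolated afternoon scan, the single DNS-tunnel alert and the low-severity scan from 10.0.9.9 fall to medium and low. That ordering is the point of triaging before containing: it tells you where to look first and which hosts are in scope, without taking the network down or restoring systems you have not yet confirmed are compromised.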
CISSP Study Group
skool.com/cybersecurity-study-group