Q: 3
Which step in the incident response process researches an attacking host through logs in a SIEM?
Options
Discussion
Checking SIEM logs to investigate a host happens during detection and analysis. Option A matches what you'd do first after spotting suspicious activity. I saw something similar on a practice test; I'm pretty sure it's A.
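What "researching an attacking host through SIEM logs" looks like in practice, as an added example that is not part of this thread or any commenter's post: a small Python script that takes a constructed JSON-lines export (the field names `ts`, `src_ip`, `dst_ip`, `dst_port`, `event`, `user` are assumptions, as are the IPs and timestamps) and builds the detection-and-analysis profile of one source address: first/last seen, what it tried, which users, when it first got in, and what it touched afterwards. That last item is the piece that feeds the containment step that follows.

```python
"""Triage an attacking host from SIEM-style event logs (detection and analysis phase).

Added example: the JSON-lines format and its field names are assumptions, and the
events below are constructed for the demo, not real SIEM output.
"""
import json
from collections import Counter
from datetime import datetime

# Constructed SIEM export, one JSON event per line. Addresses are documentation ranges.
SAMPLE_EVENTS = """\
{"ts": "2024-05-01T02:14:03Z", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.12", "dst_port": 22, "event": "ssh_login_failed", "user": "root"}
{"ts": "2024-05-01T02:14:05Z", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.12", "dst_port": 22, "event": "ssh_login_failed", "user": "admin"}
{"ts": "2024-05-01T02:14:09Z", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.12", "dst_port": 22, "event": "ssh_login_failed", "user": "ubuntu"}
{"ts": "2024-05-01T02:15:41Z", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.12", "dst_port": 22, "event": "ssh_login_success", "user": "ubuntu"}
{"ts": "2024-05-01T02:16:02Z", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.13", "dst_port": 445, "event": "smb_connect", "user": ""}
{"ts": "2024-05-01T02:16:30Z", "src_ip": "198.51.100.7", "dst_ip": "10.0.0.12", "dst_port": 443, "event": "https_request", "user": ""}
{"ts": "2024-05-01T02:17:10Z", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.14", "dst_port": 3389, "event": "rdp_connect", "user": "ubuntu"}
"""


def parse_events(text):
    """Parse JSON-lines SIEM output; skip blank or malformed lines rather than abort the hunt."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
        except (ValueError, KeyError):
            continue
    return events


def top_sources(events, event_name, threshold=3):
    """Sources producing at least `threshold` events of one type: how the host gets noticed."""
    counts = Counter(e["src_ip"] for e in events if e["event"] == event_name)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def profile_host(events, src_ip):
    """Summarise everything one source address did: the analyst's view of an attacking host."""
    hits = [e for e in events if e.get("src_ip") == src_ip]
    if not hits:
        return None
    hits.sort(key=lambda e: e["ts"])
    first_success = next((e for e in hits if e["event"].endswith("_success")), None)
    # Events after the first successful login are the post-compromise activity
    # that scopes the containment step which follows analysis.
    post = [e for e in hits if first_success and e["ts"] > first_success["ts"]]
    return {
        "src_ip": src_ip,
        "first_seen": hits[0]["ts"].isoformat(),
        "last_seen": hits[-1]["ts"].isoformat(),
        "event_counts": dict(Counter(e["event"] for e in hits)),
        "targets": sorted({e["dst_ip"] for e in hits}),
        "users_tried": sorted({e["user"] for e in hits if e["user"]}),
        "first_success": first_success["ts"].isoformat() if first_success else None,
        "lateral_targets": sorted({e["dst_ip"] for e in post
                                   if e["dst_ip"] != first_success["dst_ip"]}),
    }


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    # Start from the alert (brute-force noise), then pivot to the full host profile.
    for ip, _count in top_sources(evs, "ssh_login_failed"):
        print(json.dumps(profile_host(evs, ip), indent=2))
```

Running it prints one profile for 203.0.113.45: three failed SSH logins, a success as `ubuntu`, then SMB and RDP connections to two other internal hosts. The other source (198.51.100.7) never crosses the threshold and is left alone, which is the point of doing the analysis before containing anything.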
A, tbh. Containment is tempting, but the actual log research in the SIEM falls under the detection and analysis step, not D.