Q: 7
When reviewing alert evidence, which of the following provides the clearest insight into the root cause of an attack?
Options
Discussion
A, tbh, since ITDR logs can sometimes reveal identity-based attack paths or compromised credentials, which could expose the initial vector. I know forensic host data (B) is solid for direct evidence, but if user creds are abused via SSO or federation, logs might be clearer on root cause in those edge cases. Disagree?
I don’t think it’s A here. Forensic data from affected hosts (B) actually shows what happened on the machine, like process trees and artifacts, so you can trace cause directly. The question wants root cause, not just detection logs.
Why does Palo Alto keep throwing random options like C into these? It's A.
D imo. Clarity in the question is great, cool to see straightforward wording.