Question 2

Question

[Detection Engineering]
An analyst considers an alert with the category of lateral movement to be allowed and not needing
to be checked in the future. Based on the image below, which action can an engineer take to address
the requirement?
https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/XDR-ENGINEER/page_18_img_1.jpg

Accepted Answer

Create an alert exclusion rule by using the alert source and alert name

LukeK · Answer

It's B. Honestly, these alert exclusion rule questions are always worded weird but that's the option that handles future alerts cleanly.

Priya O. · Answer

Not D, B since it asks about future alerts, but does "best" mean least risky for compliance?

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE