A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?
The analyst reviews the following endpoint log entry:Which of the following has occurred?
An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?
A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?
Which of the following is the first step that should be performed when establishing a disaster recovery plan?
