(Solved) : 57 Alerts Received Siem Indicating Infections Multiple Computers Based Threat Characterist Q30661279 . . .
57) Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the addresses of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the blocked URLs is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

A) Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.
B) Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.
C) Run a vulnerability scan and patch discovered vulnerabilities on the next patching cycle. Have the users restart their computers.
D) Create a use case in the SIEM to monitor failed logins on the
E) Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot. Permit the URLs classified as uncategorized to and from that host.
Expert Answer