Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 308
Which step in the incident response process researches an attacking host through logs in a SIEM?
Answer options
- A. detection and analysis
- B. preparation
- C. eradication
- D. containment
Correct answer: A
Explanation
The correct answer is A, detection and analysis, as this phase focuses on identifying and understanding the attack by examining relevant logs and data. The other options do not pertain to the research aspect of incident response: preparation involves setting up defenses, eradication focuses on removing the threat, and containment aims to limit damage.