Conducting Forensic Analysis and Incident Response Using Cisco Technologies (CBRFIR) — Question 2
An employee receives an email from a "trusted" person containing a hyperlink that leads to malvertising. The employee clicks the link and the malware downloads. An information analyst observes an alert at the SIEM and engages the cybersecurity team to conduct an analysis of this incident in accordance with the incident response plan. Which event detail should be included in this root cause analysis?
Answer options
- A. phishing email sent to the victim
- B. alarm raised by the SIEM
- C. information from the email header
- D. alert identified by the cybersecurity team
Correct answer: B
Explanation
The correct answer is B because the alarm raised by the SIEM is a direct indication of the security incident and is crucial for establishing the event's timeline. Options A and C relate to the initial attack but give no insight into the detection process, while option D pertains to the response rather than the root cause.