CompTIA Security+ (SY0-601) — Question 126
Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?
Answer options
- A. Activate verbose logging in all critical assets.
- B. Tune monitoring in order to reduce false positive rates.
- C. Redirect all events to multiple syslog servers.
- D. Increase the number of sensors present in the environment.
Correct answer: B
Explanation
The correct answer is B because tuning monitoring to reduce false positives lets analysts recognize genuine incidents more quickly and more accurately, which directly shortens the identification phase of the incident response process. Options A, C, and D do not specifically address the speed of identifying true incidents: verbose logging (A) and additional sensors (D) increase the volume of events that must be reviewed, which adds noise, and redirecting events to multiple syslog servers (C) improves log availability and redundancy rather than the speed of identification.