Certified SOC Analyst (CSA) — Question 95
If the SIEM generates the following four alerts at the same time:
I: Firewall blocking traffic from getting into the network alerts
II: SQL injection attempt alerts
III: Data deletion attempt alerts
IV: Brute-force attempt alerts
Which alert should be given least priority as per effective alert triaging?
Answer options
- A. III
- B. IV
- C. II
- D. I
Correct answer: D
Explanation
The alert indicating that the firewall is blocking traffic into the network (I) should be given the least priority because it records a control working as intended: the unauthorized traffic was stopped before it reached the network. In contrast, alerts for SQL injection attempts (II), data deletion attempts (III), and brute-force attempts (IV) indicate active attacks against internal assets that may have succeeded, so they represent potential breaches and require immediate attention.