Where can a user add a note to an offense in the user interface?
A. Dashboard and Offenses Tab
B. Offenses Tab and Offense Detail Window
C. Offenses Detail Window, Dashboard, and Admin Tab
D. Dashboard, Offenses Tab, and Offense Detail Window
Answer: B
When might a Security Analyst want to review the payload of an event?
A. When immediately after login, the dashboard notifies the analyst of payloads that must be investigated
B. When “Review payload” is added to the offense description automatically by the “System: Notification” rule
C. When the event is associated with an active offense, the payload may contain information that is not normalized or extracted fields
D. When the event is associated with an active offense with a magnitude greater than 5, the payload should be reviewed, otherwise it is not necessary
Answer: C
No comments:
Post a Comment
Note: only a member of this blog may post a comment.