EC-Council

312-49V11 Question #136: Real Exam Question with Answer & Explanation


Question

A major financial institution recently observed an unusually high number of failed login attempts on a critical server. The security analyst uses Splunk Enterprise Security (ES) to investigate the logs and suspects a possible brute-force attack. After examining the Windows Event Viewer logs, the analyst detects a series of event ID 4625 (failed logins) and event ID 4624 (successful logins). Which of the following SIEM features would be MOST beneficial for the analyst to accurately pinpoint the source of the potential attack and investigate it further?

Options

  • A. Risk-based alerting functionality of Splunk ES
  • B. Advanced analytics capabilities of Splunk ES for detection and investigation
  • C. Real-time threat detection capability of IBM QRadar SIEM
  • D. Centralized insight provided by IBM QRadar SIEM across on-premises, SaaS, and IaaS
