GCIH Question #402: Real Exam Question with Answer & Explanation
The correct answer is D: An event ticket should be created and escalated to the security team to investigate the attempts.
Question
Options
- A. The desktop teams should be notified to suspend the accounts of the users and reissue new
- B. An IDS signature should be deployed to monitor the user's logon attempts and alert the SOC of
- C. Each device should be examined for any successful logon attempts within the past 24 hours.
- D. An event ticket should be created and escalated to the security team to investigate the attempts.
Explanation
The front-line team in the SOC should have the authority to escalate any event that meets the criteria of a security issue to the responsible team. By issuing a ticket to the security team, they log the events, collect the information, and apply a service level agreement for the primary business group to handle the response. Failed logon attempts across multiple desktop systems for several users could indicate a manual or automated (virus/worm) attempt to probe common or collected usernames with a dictionary of passphrases.