Palo Alto Networks SECOPS-PRO Question #62: Real Exam Question with Answer & Explanation
Question
During a post-incident review of a successful ransomware attack, the incident response team identifies that initial alerts were generated but deprioritized due to an 'Information' severity classification. Analysis reveals the alerts, while individually low-fidelity, collectively pointed to a reconnaissance phase followed by credential access on a critical server. What adjustment to the incident categorization and prioritization framework would be most effective in preventing similar oversights?
Options
- A. Implement an automated system to escalate any 'Information' level alert to 'Low' severity after 24
- B. Mandate manual review of all 'Information' severity alerts by a Tier 1 SOC analyst within 1 hour of
- C. Develop correlation rules in the SIEM (e.g., Splunk, QRadar) or SOAR (e.g., XSOAR) to elevate
- D. Increase the threshold for all network-based alerts by 50% to reduce false positives and focus
- E. Categorize all alerts related to critical servers as 'High' severity by default, irrespective of the