Complete Question:
A network security analyst received an alert about a potential malware threat on a user’s computer. What can the analyst review to get detailed information about this compromise? Check all that apply.
A. Logs.
B. Full Disk Encryption (FDE).
C. Binary whitelisting software.
D. Security Information and Event Management (SIEM) system.
Answer:
A. Logs.
D. Security Information and Event Management (SIEM) system.
Explanation:
If a network security analyst receives an alert about a potential malware threat on a user's computer, then to get detailed information about this compromise the analyst should review both the logs and the Security Information and Event Management (SIEM) system.
In computer science, logs are records of events triggered by a user, the operating system, or other software applications running on a computer. Log files gather information about a computer such as user activities, system performance, and the behaviour of software programs.
A Security Information and Event Management (SIEM) system gathers and integrates the logs generated by a computer from its various software applications, services, processes, and security tools.
The logs collected through the SIEM are presented in a format that is readable by the security analyst, which helps in real-time detection of threats.
<em>Hence, logs and SIEM systems are important tools for network security analysts, both for detecting threats in real time and for event management functions.</em>
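As an added illustration (not part of the original answer) of how a SIEM turns an alert into detailed information, the script below correlates constructed log lines from an antivirus tool, a web proxy and an EDR agent: for each malware alert it collects every event from the same host within a time window and returns them as a timeline. The host names, user names, URL and IP address are invented for the example.

```python
from datetime import datetime, timedelta

# Constructed sample log lines from three sources; the host names, users,
# file names, URLs and the destination IP are invented for this example.
SAMPLE_LOGS = [
    "2024-05-01T09:12:03Z av    host=WS-17 user=jdoe event=alert file=C:\\Users\\jdoe\\Downloads\\invoice.exe verdict=malware",
    "2024-05-01T09:11:40Z proxy host=WS-17 user=jdoe event=download url=http://example.invalid/invoice.exe bytes=412000",
    "2024-05-01T09:11:58Z edr   host=WS-17 user=jdoe event=process_start image=invoice.exe parent=explorer.exe",
    "2024-05-01T09:12:10Z edr   host=WS-17 user=jdoe event=network_connect dest=198.51.100.23:443 image=invoice.exe",
    "2024-05-01T08:30:00Z proxy host=WS-04 user=asmith event=download url=http://example.invalid/report.pdf bytes=90000",
]


def parse_line(line):
    """Parse 'TIMESTAMP SOURCE key=value key=value ...' into a dict.

    The timestamp is converted to a datetime so events can be compared in time.
    """
    ts, source, rest = line.split(None, 2)
    event = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    for token in rest.split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def timeline_for_alert(lines, window_minutes=5):
    """SIEM-style correlation: for every antivirus alert, gather all events
    from the same host within +/- window_minutes and return them in time order.

    Returns one list of event dicts per alert found in the input.
    """
    events = [parse_line(line) for line in lines]
    window = timedelta(minutes=window_minutes)
    timelines = []
    for alert in (e for e in events if e.get("event") == "alert"):
        related = [e for e in events
                   if e["host"] == alert["host"]
                   and abs(e["time"] - alert["time"]) <= window]
        related.sort(key=lambda e: e["time"])
        timelines.append(related)
    return timelines


if __name__ == "__main__":
    for timeline in timeline_for_alert(SAMPLE_LOGS):
        print(f"Timeline for host {timeline[0]['host']}:")
        for e in timeline:
            print(f"  {e['time'].isoformat()} {e['source']:<5} {e['event']}")
```

For the constructed input the alert on WS-17 expands into four ordered events (download, process start, alert, outbound connection), while the unrelated download on WS-04 is left out.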