Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase? - CompTIA Security+ SY0-701

Question

Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?

Answers

  • Activate verbose logging in all critical assets
  • Tune monitoring in order to reduce false positive rates (correct)
  • Redirect all events to multiple syslog servers
  • Increase the number of sensors present on the environment

Explanation

Correct Answer B. Tune monitoring in order to reduce false positive rates.

Tuning monitoring to reduce false positive rates is the best approach to improve the speed of the identification phase of the incident response process. False positives can overwhelm the response team and slow down the identification of actual incidents. By fine-tuning the monitoring systems (e.g., intrusion detection systems, SIEMs), the organization can improve the accuracy of alerts, allowing security analysts to identify true security incidents more efficiently.

Reasons the other options are incorrect:

  • Activate verbose logging in all critical assets: While verbose logging can provide more detailed data, it can also create an overwhelming amount of log data. This may slow down the identification phase, as analysts would have to sift through a large volume of logs to find meaningful indicators of compromise (IoCs).
  • Redirect all events to multiple syslog servers: Redirecting all events to multiple syslog servers may improve data redundancy or backup but does not directly contribute to improving the speed of identifying incidents. The focus should be on filtering and prioritizing the most relevant events.
  • Increase the number of sensors present on the environment: Adding more sensors may increase visibility into the environment, but it could also generate more data, potentially increasing the load on the system and making it harder to quickly identify true incidents. The key is optimizing data collection and filtering for the most relevant information.
