Question
A security analyst notices that an employee has installed an app on their work device without getting permission from the help desk. The log indicates that potentially malicious code might have been executed on the host. Which of these security events should the security analyst escalate to a supervisor? (1 point)
- Both events should be escalated.
- Neither event should be escalated.
- The log indicating malicious code might have been executed on the host should be escalated.
- The employee installing an app without permission should be escalated.
Solution
Both events should be escalated.
Similar Questions
A security manager is responsible for identifying and mitigating insider threats within the organization. The manager has concerns about the potential for intentional insider threats. Which scenario best describes this type of threat?
A. An employee accidentally causes damage through neglect, or an outside attacker exploits them.
B. A contractor knowingly uses unauthorized software or cloud services.
C. A script kiddie uses hacker tools without understanding how they work.
D. An employee deliberately causes damage to the organization.

Which of the following is an example of a security event that should be communicated to a stakeholder? (1 point)
- Malicious code detected in logs
- Incorrect office hours posted on social media
- A tax audit
- The resignation of a human resources employee

When should you escalate improper usage to a supervisor? (1 point)
- Improper usage does not need to be escalated because these are in-house scenarios that can be handled without reporting them to the security team.
- Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.
- Improper usage incidents should always be escalated out of caution.
- Improper usage incidents should be escalated if there is a high level of improper usage.

A(n) _____ is a set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled. (1 point)
- event
- security incident
- escalation policy
- playbook

Karl, a security professional at an organization, while analyzing Windows event logs identified that a threat actor made multiple attempts to gain access to the organization’s network but failed to do so, due to strong security controls deployed on the network. Identify the type of event data discussed in the above scenario.
- Failure audit
- Warning
- Error
- Success audit