
Eccouncil Exam 212-82 Topic 17 Question 32 Discussion

Actual exam question for Eccouncil's 212-82 exam
Question #: 32
Topic #: 17

Camden, a network specialist in an organization, monitored the behavior of the organizational network using a SIEM from a control room. The SIEM detected suspicious activity and sent an alert to Camden. Based on the severity of the incident displayed on the screen, Camden made the correct decision and immediately launched defensive actions to prevent further exploitation by attackers.

Which of the following SIEM functions allowed Camden to view suspicious behavior and make correct decisions during a security incident?

Suggested Answer: C

The IP address of the attacker is 10.10.1.16. This can be verified by analyzing the Windows.events.evtx file with a tool such as Event Viewer or Log Parser. The file contains several Audit Failure events with event ID 4625, which indicate failed logon attempts to the system. These events record the source network address of the failed logon attempts as 10.10.1.16, which is the IP address of the attacker.

[Screenshot: Event Viewer showing one of the Audit Failure (Event ID 4625) entries from Windows.events.evtx]
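The explanation above says the attacker's address can be confirmed by opening the Event ID 4625 entries in Windows.events.evtx. The PowerShell below is an added example, not part of the exam or the Pass4Success answer, that performs that check from the command line instead of clicking through each event in Event Viewer: it reads only the 4625 events from the export, pulls the named EventData fields out of each one, and tallies failures per source address. The only assumption is the file location (.\Windows.events.evtx, the name used in the answer); override it with -EvtxPath.

```powershell
# Added example (not from the exam or Pass4Success): tally Audit Failure (Event ID 4625)
# entries in an exported Security log by source network address.
# Assumption: the export is at .\Windows.events.evtx; pass -EvtxPath to point elsewhere.
# Requires Get-WinEvent (Windows PowerShell 3+ or PowerShell 7 on Windows).
param([string]$EvtxPath = ".\Windows.events.evtx")

# The XPath filter is applied while the file is read, so only 4625 events are materialised.
$failures = Get-WinEvent -Path $EvtxPath -FilterXPath "*[System[EventID=4625]]" -ErrorAction Stop |
    ForEach-Object {
        # EventData is exposed as <Data Name="...">value</Data>; index the fields by name
        # rather than by positional Properties[] offset, which is easy to get wrong.
        [xml]$xml = $_.ToXml()
        $d = @{}
        foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            TargetUser  = $d['TargetUserName']
            LogonType   = $d['LogonType']   # 3 = network (SMB/WinRM), 10 = RemoteInteractive (RDP)
            SourceIP    = $d['IpAddress']   # "-" means no network source was recorded (console/local)
            SubStatus   = $d['SubStatus']   # 0xC0000064 = unknown user, 0xC000006A = bad password
        }
    }

# One row per source address, busiest first, with the accounts it tried and the time window.
$failures |
    Group-Object SourceIP |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceIP';  e = { $_.Name } },
                  Count,
                  @{ n = 'Accounts';  e = { ($_.Group.TargetUser | Sort-Object -Unique) -join ',' } },
                  @{ n = 'FirstSeen'; e = { ($_.Group.TimeCreated | Sort-Object)[0] } },
                  @{ n = 'LastSeen';  e = { ($_.Group.TimeCreated | Sort-Object)[-1] } } |
    Format-Table -AutoSize
```

Two caveats when reading the table: a SourceIP of "-" or "::1" is a local logon failure, not a remote attacker, so do not count it as the source; and the SubStatus split matters, because a run of 0xC0000064 (unknown user) against many names is enumeration or spraying, while repeated 0xC000006A against one valid account is a password guess. This is raw-log verification of what the SIEM dashboard in the question summarised; the dashboard is where Camden saw it first, the .evtx is where the claim is proven.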


Contribute your Thoughts:

Cherelle
4 hours ago
I think the correct answer is C) Dashboard. The question specifically mentions that Camden was able to monitor the behavior of the network and view the severity of the incident on the screen, which suggests the use of a SIEM dashboard.
upvoted 0 times
Glenn
8 days ago
I believe Data aggregation also played a crucial role as it collects and correlates data from multiple sources to identify patterns of suspicious behavior.
upvoted 0 times
Scot
11 days ago
I agree with Francisca: Dashboard provides a visual representation of the network activity, which helps in making quick decisions.
upvoted 0 times
Francisca
12 days ago
I think the SIEM function that allowed Camden to view suspicious behavior and make correct decisions is Dashboard.
upvoted 0 times
