An analyst is reviewing multiple warnings from a network aggregator. The aggregator logs suspicious connections from different endpoints and services. One endpoint hosts sensitive customer records. Which approach ensures more attention is given to events that pose a larger risk, based on their potential harm?
Investigate warnings in chronological order, starting with the oldest alerts
Filter by severity and potential harm, giving priority to endpoints hosting confidential information
Pick alerts randomly for review to ensure equal attention is given to each potential threat
Concentrate on the sources generating the greatest number of alerts first
The most effective approach prioritizes alert handling by severity and risk. Alerts from systems containing sensitive information typically warrant higher concern because the potential harm of a compromise is greater. Approaches that rely on chronological order or random selection do not factor in an event's potential harm. Concentrating on volume can overlook critical events that may be few but serious.