Question

A security analyst notices that an employee has installed an app on their work computer without getting permission from the IT service desk. The security analyst also notices that antivirus software recorded a potentially malicious execution on the same computer. Which of these security events should the security analyst escalate to their supervisor? (1 point)

Neither event should be escalated.
The employee installing an app without permission should be escalated.
Both events should be escalated.
The potentially malicious code detected by the antivirus software should be escalated.


Solution

Both events should be escalated.

Similar Questions

A security manager is responsible for identifying and mitigating insider threats within the organization. The manager has concerns about the potential for intentional insider threats. Which scenario best describes this type of threat?
A. An employee accidentally causes damage through neglect, or an outside attacker exploits them.
B. A contractor knowingly uses unauthorized software or cloud services.
C. A script kiddie uses hacker tools without understanding how they work.
D. An employee deliberately causes damage to the organization.

A security analyst receives a notification of possible malware based on common indicators. After conducting several analyses, the analyst learns the malware used Windows PowerShell to create new malicious processes in the computer's memory. What is the analyst's computer likely infected with?
A. Fileless malware
B. Worm
C. Boot sector virus
D. Viruses

Which of the following is an example of a security event that should be communicated to a stakeholder? (1 point)
Malicious code detected in logs
Incorrect office hours posted on social media
A tax audit
The resignation of a human resources employee

Question 4: Which action can a security analyst take when they are assessing a SIEM alert? (1 point)
Analyze log data and related metrics
Isolate an infected network system
Restore the affected data with a clean backup
Create a final report

A security analyst in a security operations center (SOC) receives an alert. The alert ticket describes the detection of the download of a possible malware file on an employee's computer. Which step of the triage process does this scenario describe? (1 point)
Receive and assess
Add context
Collect and analyze
Assign priority
