An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report. What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A) To have less raw data to analyze
B) To evaluate the data, including information from other systems
C) To access expanded historical data
D) To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E) To determine the best cleanup method
Correct Answer:
Verified