An incident response team has determined that multiple incidents are resulting from the same user action of copying sensitive data to USB devices. Which action should the incident response team take to fix this issue so only one incident per action is detected?
A) create separate policies for the different detection methods
B) combine multiple conditions into one compound rule
C) change which 'Endpoint Destinations' are monitored
D) change the monitor/ignore filters in the agent configuration