A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?
A) Install network taps at the edge of the network.
B) Send syslog from the IDS into the SIEM.
C) Install HIDS on each computer.
D) SPAN traffic from the network core into the IDS.
Correct Answer:
Verified