A security analyst observes the following events in the logs of an employee workstation: Given the information provided, which of the following MOST likely occurred on the workstation?
A) Application whitelisting controls blocked an exploit payload from executing.
B) Antivirus software found and quarantined three malware files.
C) Automatic updates were initiated but failed because they had not been approved.
D) The SIEM log agent was not tuned properly and reported a false positive.

Question

A security analyst observes the following events in the logs of an employee workstation:  Given the information provided, which of the following MOST likely occurred on the workstation?
A) Application whitelisting controls blocked an exploit payload from executing. 
B) Antivirus software found and quarantined three malware files. 
C) Automatic updates were initiated but failed because they had not been approved. 
D) The SIEM log agent was not tuned properly and reported a false positive.

Quizplus · Accepted Answer

The Answer of A security analyst observes the following events in the logs of an employee workstation:  Given the information provided, which of the following MOST likely occurred on the workstation?
A) Application whitelisting controls blocked an exploit payload from executing. 
B) Antivirus software found and quarantined three malware files. 
C) Automatic updates were initiated but failed because they had not been approved. 
D) The SIEM log agent was not tuned properly and reported a false positive.

A Security Analyst Observes the Following Events in the Logs