A security analyst at a financial services company is reviewing the following alerts in the Security Information and Event Management (SIEM) system. According to incident response best practices, which of the following alerts should be investigated first?
Multiple low-severity failed login attempts detected on an isolated development server.
A high-severity Cross-Site Scripting (XSS) vulnerability detected on a public-facing, non-critical marketing website.
A medium-severity malware infection alert on the primary domain controller.
An informational alert for a successful patch deployment on several user workstations.
The correct action is to prioritize the medium-severity malware alert on the primary domain controller. A domain controller is a Tier 0 asset, and its compromise could lead to a complete network takeover, which represents the highest potential impact to the business. Although the XSS vulnerability carries a higher severity rating, it affects a less critical marketing website, so its immediate impact is lower than the domain controller threat; triage order is driven by asset criticality and potential business impact, not by the severity label alone. The remaining alerts are lower priority because the affected assets are less critical (an isolated development server) or the alert is purely informational (a successful patch deployment).