A security analyst at a financial services company is reviewing the following alerts in the Security Information and Event Management (SIEM) system. According to incident response best practices, which of the following alerts should be investigated first?
An informational alert for a successful patch deployment on several user workstations.
A high-severity Cross-Site Scripting (XSS) vulnerability detected on a public-facing, non-critical marketing website.
Multiple low-severity failed login attempts detected on an isolated development server.
A medium-severity malware infection alert on the primary domain controller.
The correct action is to prioritize the medium-severity malware alert on the primary domain controller. A domain controller is a Tier 0 asset: it holds the credentials and controls authentication for the whole domain, so its compromise could lead to a complete network takeover, representing the highest potential impact to the business. Although the XSS vulnerability carries a higher severity rating, it affects a less critical marketing website, so its immediate impact is lower than the threat to the domain controller. The remaining alerts are lower priority because of the low criticality of the affected assets (an isolated development server) or the purely informational nature of the alert (a successful patch deployment).