After a red team exercise tested an enterprise from an external vantage point, which method best confirms that the security team tracked the simulated intrusion attempts throughout the environment?
Gathering feedback from the group that performed the simulation about systems they targeted
Asking workforce members to set new passwords after the evaluation ended
Checking user training records to confirm that employees reported suspicious communication
Examining detection logs to confirm that monitors recognized each critical step in the exercise
Examining detection logs reveals whether intrusion detection tools recognized unauthorized behaviors. Gathering secondhand feedback from the group that performed the simulation does not validate defenders’ actual detection or alerting. Checking user training records addresses social engineering tactics but does not confirm whether the environment captured technical indicators. Asking workforce members to set new passwords does not demonstrate whether suspicious activity generated alerts.