CompTIA CySA+ CS0-003 Practice Question
A security administrator at your organization has implemented a new system for tracking and managing privileged accounts, including setting up automated alerts for unusual activity. However, a recent review found that many alerts were being ignored. What is the most important action the security administrator should take to address this issue?
Ignore low-priority alerts and focus only on high-priority ones
Review and fine-tune the criteria for generating alerts to ensure they are meaningful and actionable.
Create additional alert types to ensure all types of unusual activities are captured
Consult a third-party auditor for recommendations on handling alerts