TimSaysICan Training - Security+ SY0-701 PBQ

Security+ PBQ 4: Incident Response and GRC

Use logs, incident response steps, evidence handling, and risk concepts.


Scenario

A workstation triggers an EDR alert after a user opened a malicious attachment. The SOC must follow the incident response process, preserve evidence, and brief management on risk treatment options.

Your task: Choose the best incident response activity or risk term.

| Data Source | Use |
| --- | --- |
| Endpoint logs | Process and file activity |
| Firewall logs | Outbound connections |
| SIEM dashboard | Correlated alerts |

Evidence and Risk

Instructor Answer