Practice Question · CISSP Study Group

Practice Question

A recent security audit is reporting several unsuccessful login attempts being repeated at specific times during the day on an Internet facing authentication server. No alerts have been generated by the security information and event management (SIEM) system . What PRIMARY action should be taken to improve SIEM performance?

A. Implement role-based system monitoring

B. Audit firewall logs to identify the source of login attempts

C. Enhance logging detail

D. Confirm alarm thresholds

7 comments