Which three procedures in Sguil are provided to security analysts to address alerts? (Choose three.)
- Expire false positives.
- Pivot to other information sources and tools.
- Construct queries using Query Builder.
- Escalate an uncertain alert.
- Correlate similar alerts into a single line.
- Categorize true positives.
Explanation: Sguil is a tool for addressing alerts. Three tasks can be completed in Sguil to manage alerts:
Alerts that have been found to be false positives can be expired.
An alert can be escalated if the cybersecurity analyst is uncertain how to handle it.
Events that have been identified as true positives can be categorized.
Exam with this question: CCNA Cyber Ops Chapter 12 Exam Answers
Exam with this question: CyberOps Associate Final Exam Answers
Please login or Register to submit your answer