What are two reasons the responder should analyze the information using Syslog?

Posted by: Pdfprep Category: 250-441 Tags: 250-441 exam questions, 250-441 practice exam, Symantec Certification Agreement Post Date: December 16, 2020

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A . To have less raw data to analyze
B . To evaluate the data, including information from other systems
C . To access expanded historical data
D . To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E . To determine the best cleanup method

Answer: BE

What are two reasons the responder should analyze the information using Syslog?

Author

Leave a Reply Cancel reply