CISM Incident Management • Set 2
CISM Incident Management Practice Test 2 — 15 questions with explanations. Free, no signup.
Based on the SIEM alert exhibit, which immediate action should the incident responder take?
Refer to the exhibit.

```
[Alert] Correlation Rule: Multiple Failed Logins
Source IP: 10.0.0.55
Destination IP: 192.168.1.10
Event Count: 150 failed logins to admin account 'jsmith' within 5 minutes
Action: Triggered
```