Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?
While the SIEM (Security Information and Event Management) system is crucial for monitoring and analyzing security events, starting with the Domain Controller is more direct in this scenario. Here’s why:
Immediate Issue: The domain controller is the system that has gone down, so investigating it first helps address the immediate problem.
Central Role: The domain controller manages user authentication and access, so its failure could have widespread impacts on the network.
Root Cause Analysis: By starting with the domain controller, you can identify whether the issue is isolated to that system or if it’s part of a larger problem.
After addressing the domain controller, you can then use the SIEM to analyze logs and events for additional context and to understand any broader security implications.
No, if you have a SIEM, your DC logs should be available in the SIEM as well.
aqeel1506, 4 months, 1 week ago
ericccong, 2 years, 9 months ago
Chaoticda, 2 years, 11 months ago
[Removed], 1 year, 1 month ago