| Exam 200-201 | Question id=6062 | Security monitoring |
Which step in the incident response process researches an attacking host through logs in a SIEM?
| A. |
detection and analysis | |
| B. |
preparation | |
| C. |
eradication | |
| D. |
containment |