Question 178
You detect unapproved systems sending logs to your SIEM. What’s the most appropriate response?
A. Delete their logs
B. Block SIEM access
C. Investigate data source origin and validate asset ownership
D. Reduce alert severity
Answer: Investigate data source origin and validate asset ownership
Unknown sources may indicate shadow IT or unauthorized activity and must be investigated.