PrepAway - Latest Free Exam Questions & Answers

A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?

A. Use the IP addresses to search through the event logs.

B. Analyze the trends of the events while manually reviewing to see if any of the indicators match.

C. Create an advanced query that includes all of the indicators, and review any of the matches.

D. Scan for vulnerabilities with exploits known to have been used by an APT.
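The approach described in option C, a single query that carries every indicator at once, as an added example that is not from the original page: one pass over constructed SIEM events matches both the IP and the domain indicator lists together and groups the hits by reporting host. The indicator values, the key=value log format and the helper names are assumptions made for this illustration.

```python
import re

# Constructed indicator lists, standing in for the items the analyst was given.
IOC_IPS = {"198.51.100.23", "203.0.113.7"}
IOC_DOMAINS = {"update-check.example", "cdn-mirror.example"}

# Constructed SIEM events in a key=value layout; not real telemetry.
SAMPLE_EVENTS = [
    "ts=2024-03-01T10:02:11Z src=10.0.0.5 dst=198.51.100.23 dport=443 host=web01",
    "ts=2024-03-01T10:02:12Z src=10.0.0.5 query=mail.corp.example host=web01",
    "ts=2024-03-01T10:03:40Z src=10.0.0.9 query=update-check.example host=ws17",
    "ts=2024-03-01T10:04:02Z src=10.0.0.9 dst=192.0.2.10 dport=80 host=ws17",
    "ts=2024-03-01T10:05:00Z src=10.0.0.9 query=files.cdn-mirror.example host=ws17",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Dotted names whose last label is alphabetic, so IPv4 literals are not picked up here.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def domain_matches(name, ioc_domains):
    """True if name equals an indicator or is a subdomain of one."""
    name = name.lower()
    return any(name == d or name.endswith("." + d) for d in ioc_domains)


def match_indicators(events, ioc_ips, ioc_domains):
    """Single pass over all events, checking every IP and domain indicator at once."""
    hits = []
    for line in events:
        ips = set(IP_RE.findall(line)) & ioc_ips
        doms = {d for d in DOMAIN_RE.findall(line) if domain_matches(d, ioc_domains)}
        if ips or doms:
            hits.append({"event": line, "ips": sorted(ips), "domains": sorted(doms)})
    return hits


def hits_by_host(hits):
    """Group matches by reporting host so a host touching several indicators stands out."""
    grouped = {}
    for hit in hits:
        m = re.search(r"\bhost=(\S+)", hit["event"])
        host = m.group(1) if m else "unknown"
        grouped.setdefault(host, []).append(hit)
    return grouped


if __name__ == "__main__":
    for host, host_hits in hits_by_host(match_indicators(SAMPLE_EVENTS, IOC_IPS, IOC_DOMAINS)).items():
        print(host, len(host_hits), "indicator match(es)")
```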

Explanation:
