The intrusion detection system at a software development company suddenly generates multiple alerts
regarding attacks against the company’s external webserver, VPN concentrator, and DNS servers. What
should the security team do to determine which alerts to check first?

A.
Investigate based on the maintenance schedule of the affected systems.

B.
Investigate based on the service level agreements of the systems.

C.
Investigate based on the potential effect of the incident.

D.
Investigate based on the order that the alerts arrived in.