$89\mathrm{.}7\%$ complete

Question

An incident response analyst investigates a suspected network breach in the organization. With access to a Security Information and Event Management $($SIEM$)$ tool that aggregates and correlates data from multiple sources, which combination of data sources should the analyst primarily consider to trace the origin and pathway of the breach?

A$.$Trace the origin through packet captures, operating system $($OS$)-$specific security logs$,$ and application logs

B$.$Trace the origin through firewall logs$,$ network logs$,$ and automated SIEM reports to identify suspicious activities and potential breach pathways.

C$.$Trace the origin through authorized activities on endpoint logs$,$ metadata, and automated reports on end$-$user systems

D$.$Trace the origin through information from activities on firewall logs$,$ network logs$,$ and application logs