🔥 3-day streak
Professional Security Operations Engineer8 / 241
Question 8 of 241

A SOC manager reviews the quarterly observability dashboard for the security operations platform. The 'endpoint process execution' log source shows healthy ingestion volume and low parser error rates, yet the MITRE ATT&CK coverage panel indicates that the Credential Access tactic has zero mapped active detections for endpoint telemetry. Meanwhile, the alert volume dashboard shows a steady stream of Credential Access alerts sourced only from the identity provider logs. Which conclusion is best supported by these observability signals?

Reviewed for accuracy · Report an issueNext question