The intrusion detection system at a software development company suddenly generates multiple
alerts regarding attacks against the company’s external webserver, VPN concentrator, and DNS
servers. What should the security team do to determine which alerts to check first?
A. Investigate based on the maintenance schedule of the affected systems.
B. Investigate based on the service level agreements of the systems.
C. Investigate based on the potential effect of the incident.
D. Investigate based on the order that the alerts arrived in.