While reviving the logs at a customer site you notice that one particular device is accessing multiple servers in the environment, using a number of different user accounts. When you QUESTION NO: the IT admin, they tell you that the computer is a JumpBox and running software used to monitor all of the servers in the environment.

Would this be a logical next step? (As a next step, you should audit all of the accounts that are being used on

the JumpBox to determine if the JumpBox is being accessed by unauthorized accounts.)

You were called into a customer site to do an evaluation of installing IntroSpect for a small business. During

the discovery process, the customer asks you to explain when they would need to deploy a Packet Processor.

Does this explain the function of the Packet Processor? (The packet Processor helps if they are using the

analyzer deployed in the cloud by forwarding log data over HTTPS.)

Refer to the exhibit.

You are logged into the IntroSpect and have navigated to the Alerts list. You are trying to filter the alerts to show all malware alerts for users. Is this a correct search query? (alertcategory:malware* AND username:any)