What are two reasons the responder should analyze the information using Syslog?

Posted by: Pdfprep Category: 250-441

An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.

What are two reasons the responder should analyze the information using Syslog? (Choose two.)
A. To have less raw data to analyze
B. To evaluate the data, including information from other systems
C. To access expanded historical data
D. To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
E. To determine the best cleanup method

Answer: BE
