200-201 Question #530: Real Exam Question with Answer & Explanation

Sign in or unlock 200-201 to reveal the answer and full explanation for question #530. The question stem and answer options stay visible for context.

Submitted by marco_it· Mar 6, 2026Security Monitoring

Question

Refer to the exhibit. A SOC team member receives a case from his colleague with notes attached. The artifacts and alerts associated with the case must be analyzed and a conclusion must be provided. What is the cause of the alert?

Options

AAn insider threat compromised the service account to delete sensitive data.
BExternal attackers gained access and are exfiltrating data stealthily.
CA ransomware attack is underway, encrypting files and deleting originals.
DA misconfigured backup process malfunctioned, causing unexpected file changes.

Unlock 200-201 to see the answer

You've previewed enough free 200-201 questions. Unlock 200-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock 200-201 - $49.99 / 30 days Sign in

Topics

#Ransomware#Incident analysis#File encryption#Data deletion

Full 200-201 Practice Browse All 200-201 Questions