
300-215 Question #70: Real Exam Question with Answer & Explanation


Submitted by renata2k · Mar 6, 2026 · Incident Response Techniques

Question

Refer to the exhibit. A security analyst is reviewing alerts from the SIEM system that was just implemented and notices a possible indication of an attack because the SSHD system just went live and there should be nobody using it. Which action should the analyst take to respond to the alert?

Options

  • A. Investigate the alert by checking SSH logs and correlating with other relevant data in SIEM.
  • B. Reset the admin password in SSHD to prevent unauthorized access to the system at scale.
  • C. Ignore the alert and continue monitoring for further activity because the system was just
  • D. Immediately block the IP address 192.168.1.100 from accessing the SSHD environment.


Topics

#SIEM analysis #incident investigation #log correlation #SSH security