EC-Council
312-39 · Question #2
312-39 Question #2: Real Exam Question with Answer & Explanation
Sign in or unlock 312-39 to reveal the answer and full explanation for question #2. The question stem and answer options stay visible for context.
Question
A Security Operations Center (SOC) analyst receives a high-priority alert indicating unusual user activity. An employee account is attempting to access company resources from a different country and outside of their normal working hours. This behavior raises concerns about potential account compromise or unauthorized access. To automate the initial response and quickly restrict access while further investigating the incident, which SOAR playbook would be relevant to adapt and implement?
Options
- AAlert Enrichment SOAR Playbook
- BDeprovisioning Users SOAR Playbook
- CMalware Containment SOAR Playbook
- DPhishing Investigations SOAR Playbook
Unlock 312-39 to see the answer
You've previewed enough free 312-39 questions. Unlock 312-39 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.