EC-Council
312-39 · Question #25
312-39 Question #25: Real Exam Question with Answer & Explanation
Sign in or unlock 312-39 to reveal the answer and full explanation for question #25. The question stem and answer options stay visible for context.
Question
A SIEM alert is triggered due to unusual network traffic involving NetBIOS. The system log shows: "The TCP/IP NetBIOS Helper service entered the running state." Concurrently, Windows Security Event ID 4624 ("An account was successfully logged on") appears for multiple machines within a short time frame. The logon type is 3 (Network logon). Which of the following security incidents is the SIEM detecting?
Options
- AAn attacker performing lateral movement within the network
- BA user connecting to shared files from multiple workstations
- CA network administrator conducting routine maintenance
- DA malware infection spreading via SMB protocol
Unlock 312-39 to see the answer
You've previewed enough free 312-39 questions. Unlock 312-39 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.