
350-201(NEW-127Q) Question #111: Real Exam Question with Answer & Explanation


Incident Handling and Response

Question

An employee who frequently travels abroad connects to the company network from a first-seen country during nonworking hours. The SIEM tool generated an alert that the employee forwarded an excessive number of emails to an external domain address and then logged off. The security analyst investigating this event concluded that the external domain belongs to a competing organization. Which two actions should be taken next based on the observed user behavior? (Choose two.)

Options

  • A. Reboot the employee's device and run a comprehensive malware scan on the system.
  • B. Immediately suspend the employee's account and notify senior management about the incident.
  • C. Enhance anomaly detection capabilities and update data handling policies to prevent data loss.
  • D. Review the company's travel policies and implement multi-factor authentication for all users.
  • E. Conduct a detailed forensic investigation of the employee's device and email activities.


Topics

Incident Response · Data Exfiltration · Insider Threats · Account Suspension