Cisco
350-201(NEW-127Q) · Question #26
Threat Detection and Response
Question
A security analyst monitors an organization's network using UEBA tools to detect potential threats. During the analysis, the analyst notices unusual activities, such as a user from the marketing department accessing the finance department file server during non-business hours, a senior executive logging into the HR system from an unrecognized IP address, and a sudden increase in the number of failed login attempts on the company VPN. Based on the anomalous user entity behavior observed, which actions should the security analyst prioritize?
Options
- A. Update antivirus software, deploy an intrusion detection system, and perform regular vulnerability scans.
- B. Conduct security awareness training, implement multifactor authentication, and review network segmentation.
- C. Implement a stricter password policy, deploy a Web Application Firewall, and establish a Security Operations Center.
- D. Investigate potential insider threats, assess unauthorized access, and analyze VPN security configurations.
Topics
#UEBA #Insider Threat Detection #Incident Response #Behavioral Analytics