
350-201(NEW-127Q) Question #47: Real Exam Question with Answer & Explanation


Incident Investigation and Analysis

Question

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?

Options

  • A. Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
  • B. Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
  • C. Treat it as a false-positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.
  • D. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
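Whichever option the exam marks as correct, the investigation the stem describes is mechanical enough to script: profile traffic by day-of-week and hour, find the window that stands out, break that window down by source region and by the destination services being hit, and then pull events from a second source for the same hosts and hours. The following is an added example, not code from the exam page or from Cisco; the flow records and sshd log lines are constructed sample data, the service area (US/CA), the country labels, the "5x the median bucket" threshold and the 2024 syslog year are all assumptions, and both logs are assumed to share one time zone.

```python
import csv
import io
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumption: the countries the organisation actually serves.
SERVICE_AREA = {"US", "CA"}

# Constructed Stealthwatch/NetFlow-style export (sample data, not real traffic).
# 2024-03-03 and 2024-03-10 are Sundays; the other rows are weekday baseline.
FLOW_CSV = """ts,src_ip,src_cc,dst_port,bytes
2024-03-03 21:05:00,203.0.113.5,BR,443,800000000
2024-03-03 21:40:00,198.51.100.7,IN,443,650000000
2024-03-03 22:15:00,203.0.113.5,BR,22,400000000
2024-03-03 22:50:00,192.0.2.9,RU,443,700000000
2024-03-04 09:00:00,192.0.2.20,US,443,50000000
2024-03-04 14:00:00,192.0.2.21,US,443,60000000
2024-03-05 10:00:00,192.0.2.22,CA,443,55000000
2024-03-06 11:00:00,192.0.2.23,US,443,52000000
2024-03-07 15:00:00,192.0.2.24,US,443,58000000
2024-03-10 21:20:00,203.0.113.5,BR,443,850000000
2024-03-10 22:30:00,198.51.100.7,IN,22,600000000
"""

# Constructed sshd syslog lines (sample data); syslog carries no year, 2024 assumed.
AUTH_LOG = """\
Mar  3 21:12:04 bastion sshd[4121]: Failed password for root from 203.0.113.5 port 51022 ssh2
Mar  3 22:18:31 bastion sshd[4188]: Accepted publickey for deploy from 203.0.113.5 port 51040 ssh2
Mar  4 09:02:11 bastion sshd[4301]: Accepted password for alice from 192.0.2.20 port 40000 ssh2
"""

AUTH_RE = re.compile(
    r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) \S+ for (\S+) from (\S+) port"
)


def parse_flows(text):
    """Turn the CSV export into dicts with a real datetime and integer fields."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ts": datetime.strptime(r["ts"], "%Y-%m-%d %H:%M:%S"),
            "src_ip": r["src_ip"], "src_cc": r["src_cc"],
            "dst_port": int(r["dst_port"]), "bytes": int(r["bytes"]),
        })
    return rows


def weekly_profile(flows):
    """Total bytes per (weekday, hour) bucket; weekday 0=Mon ... 6=Sun."""
    prof = defaultdict(int)
    for f in flows:
        prof[(f["ts"].weekday(), f["ts"].hour)] += f["bytes"]
    return dict(prof)


def outlier_windows(profile, factor=5.0):
    """Buckets whose volume exceeds factor x the median bucket (assumed heuristic)."""
    baseline = statistics.median(profile.values())
    return sorted(k for k, v in profile.items() if v > factor * baseline)


def in_windows(ts, windows):
    return (ts.weekday(), ts.hour) in set(windows)


def breakdown(flows, windows):
    """Inside the flagged windows: bytes by out-of-area source country, bytes by
    destination service, and the set of out-of-area source IPs to pivot on."""
    by_cc, by_port, src_ips = defaultdict(int), defaultdict(int), set()
    for f in flows:
        if not in_windows(f["ts"], windows):
            continue
        by_port[f["dst_port"]] += f["bytes"]
        if f["src_cc"] not in SERVICE_AREA:
            by_cc[f["src_cc"]] += f["bytes"]
            src_ips.add(f["src_ip"])
    return dict(by_cc), dict(by_port), src_ips


def correlate_auth(auth_text, windows, src_ips, year=2024):
    """Auth events from the suspect sources that fall inside the flagged windows."""
    hits = []
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        mon, day, clock, result, user, ip = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if ip in src_ips and in_windows(ts, windows):
            hits.append((ts.isoformat(), result, user, ip))
    return hits


def investigate(flow_csv=FLOW_CSV, auth_log=AUTH_LOG):
    flows = parse_flows(flow_csv)
    windows = outlier_windows(weekly_profile(flows))
    by_cc, by_port, src_ips = breakdown(flows, windows)
    return {"windows": windows, "by_country": by_cc, "by_service": by_port,
            "sources": sorted(src_ips),
            "auth_hits": correlate_auth(auth_log, windows, src_ips)}


if __name__ == "__main__":
    for k, v in investigate().items():
        print(f"{k}: {v}")
```

On the sample data the two Sunday buckets (21:00 and 22:00) are the only outliers, all of their volume comes from outside the service area, the services in play are 443 and 22, and the sshd log shows the same Brazilian source failing as root and then succeeding with a key for `deploy` inside the window, which is the kind of cross-source event the final step is meant to surface. Two weeks of flows is far too little for a real baseline; in practice the profile would be built over several weeks and the threshold tuned to the site.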



Topics

Incident Investigation, SIEM/Log Analysis, Network Traffic Analysis, Threat Detection