Cisco
350-201(NEW-127Q) Question #50: Real Exam Question with Answer & Explanation
Threat Detection and Response
Question
A SIEM tool triggers an alert event due to multiple failed login attempts. The same user tried to access multiple servers within 10 minutes. Further analysis showed a specific workstation, which indicates lateral movement behaviors within the network. The engineer must identify and detect the potential elevation of privilege attack. Which potential indicators must an engineer look for to detect compromised systems?
Options
- A. failed login attempts during the last 7 days
- B. users working or logging in outside of business hours
- C. increased activity on typically used ports
- D. unexplained system modifications
Topics
#Privilege Escalation Detection #System Compromise Indicators #Lateral Movement #Incident Response