Cisco


350-201 Question #12: Real Exam Question with Answer & Explanation


Question

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?

Options

  • A. Meet with privileged users to increase awareness and modify the rules for threat tags and
  • B. Change the SOAR configuration flow to remove the automatic remediation that is increasing the
  • C. Add a confirmation step through which SOAR informs the affected user and asks them to confirm
  • D. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts
