Cisco
350-201 · Question #37
350-201 Question #37: Real Exam Question with Answer & Explanation
Sign in or unlock 350-201 to reveal the answer and full explanation for question #37. The question stem and answer options stay visible for context.
Security Monitoring
Question
Refer to the exhibit. An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?
Exhibit
Options
- Acompromised insider
- Bcompromised root access
- Ccompromised database tables
- Dcompromised network
Unlock 350-201 to see the answer
You've previewed enough free 350-201 questions. Unlock 350-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#Active Directory#network compromise#insider threat#event correlation