nerdexam
Cisco

350-201 · Question #59

A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while tr

Sign in or unlock 350-201 to reveal the answer and full explanation for question #59. The question stem and answer options stay visible for context.

Processes

Question

A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network. What is the next step in handling the incident?

Options

  • ABlock the source IP from the firewall
  • BPerform an antivirus scan on the laptop
  • CIdentify systems or services at risk
  • DIdentify lateral movement

Unlock 350-201 to see the answer

You've previewed enough free 350-201 questions. Unlock 350-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Topics

#VPN anomaly#incident response#credential compromise#remote access
Full 350-201 Practice