Cisco
350-201 · Question #88
350-201 Question #88: Real Exam Question with Answer & Explanation
The correct answer is B: log in during non-working hours. UEBA (User and Entity Behavior Analytics): (D) log in from a first-seen country: user behavior. (B) log in during non-working hours: user behavior.
Security Monitoring
Question
An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)
Options
- A. domain belongs to a competitor
- B. log in during non-working hours
- C. email forwarding to an external domain
- D. log in from a first-seen country
- E. increased number of sent mails
Explanation
UEBA (User and Entity Behavior Analytics): (D) log in from a first-seen country: user behavior. (B) log in during non-working hours: user behavior.
Topics
#UEBA #behavioral analytics #anomaly detection #insider threat