350-701 Question #252: Real Exam Question with Answer & Explanation
The correct answer is A: file access from a different user.
Question
Which suspicious pattern enables the Cisco Secure Workload platform to learn the normal behavior of users?
Options
- A. file access from a different user
- B. interesting file access
- C. user login suspicious behavior
- D. privilege escalation
Explanation
The various suspicious patterns for which the Cisco Tetration platform looks in the current release:

- Shell code execution: Looks for the patterns used by shell code.
- Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.
- Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.
- Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).
- User login suspicious behavior: Cisco Tetration platform watches user login failures and user
- Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.
- File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.
- Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.