nerdexam
Cisco

350-701 · Question #252

Which suspicious pattern enables the Cisco Secure Workload platform to learn the normal behavior of users?

The correct answer is A. file access from a different user. The various suspicious patterns for which the Cisco Tetration platform looks in the current release + Shell code execution: Looks for the patterns used by shell code. + Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process

Submitted by anjalisingh· Mar 30, 2026Endpoint Protection and Detection

Question

Which suspicious pattern enables the Cisco Secure Workload platform to learn the normal behavior of users?

Options

  • Afile access from a different user
  • Binteresting file access
  • Cuser login suspicious behavior
  • Dprivilege escalation

How the community answered

(41 responses)
  • A
    93% (38)
  • B
    5% (2)
  • C
    2% (1)

Explanation

The various suspicious patterns for which the Cisco Tetration platform looks in the current release + Shell code execution: Looks for the patterns used by shell code. + Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree. + Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table Using these, it can detect Meltdown, Spectre, and other cache-timing attacks. + Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping). + User login suspicious behavior: Cisco Tetration platform watches user login failures and user + Interesting file access: Cisco Tetration platform can be armed to look at sensitive files. + File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user. + Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.

Topics

#Cisco Secure Workload#user behavior analysis#suspicious patterns#anomaly detection

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice