PCCET Question #150: Real Exam Question with Answer & Explanation

Sign in or unlock PCCET to reveal the answer and full explanation for question #150. The question stem and answer options stay visible for context.

Submitted by javi_es· Apr 18, 2026Security Operations (SOC)

Question

What should a security operations engineer de when reviewing suspicious, but successful, login activity?

Options

AImmediately disable the suspicious user until they conclude their investigation.
BLook for other types of suspicious activity in the moments before or after the login.
CInspect the network firewall for any open ports and include those in their investigation.
DReview who else was logged in at the same time and inspect all active user accounts.

Unlock PCCET to see the answer

You've previewed enough free PCCET questions. Unlock PCCET for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock PCCET - $49.99 / 30 days Sign in

Topics

#Incident Investigation#Security Monitoring#Threat Analysis#Log Analysis

Full PCCET Practice Browse All PCCET Questions