
Exam 200-201 topic 1 question 381 discussion

Actual exam question from Cisco's 200-201
Question #: 381
Topic #: 1

An engineer must create a SIEM rule to test events and traffic for spikes and changes that occur in regular patterns to detect irregularities. Which rules achieve the desired results?

  • A. anomaly
  • B. behavioral
  • C. threshold
  • D. availability
Suggested Answer: A

Comments

mgo28404
5 months ago
Selected Answer: A
The correct answer is: A. Anomaly

Why? Anomaly detection rules are designed to identify deviations from established baselines or normal behavior patterns. These rules are highly effective for detecting spikes, changes, and irregularities in event and traffic patterns. Anomaly detection works by:
  • Comparing current data to historical baselines.
  • Identifying unusual activity, such as traffic spikes, failed login attempts, or data exfiltration attempts.
upvoted 3 times
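To make the baseline-versus-threshold distinction in this discussion concrete, here is an added Python example (not from the exam or from any poster) that scores an hourly failed-logon count against a per-hour-of-day baseline built from a constructed week of history, next to a static threshold rule for comparison. The event counts, the 3-sigma cut-off and the 100-event limit are all assumed values.

```python
from statistics import mean, pstdev

# Constructed sample: hourly counts of failed logons as a hypothetical SIEM
# would aggregate them, one value per hour over the previous seven days
# (168 hours). The daily pattern is regular: low overnight, higher during
# working hours, with a little deterministic jitter so the std-dev is non-zero.
def build_history():
    history = []
    for day in range(7):
        for hour in range(24):
            base = 40 if 8 <= hour < 18 else 5        # working hours vs. night
            history.append(base + (day * 3 + hour) % 4)  # small jitter (0..3)
    return history

HISTORY = build_history()

def baseline_for_hour(history, hour):
    """Per-hour-of-day baseline: mean and population std-dev of the past
    counts observed at this same hour (one sample per day)."""
    samples = history[hour::24]
    return mean(samples), pstdev(samples)

def anomaly_rule(history, hour, count, z=3.0):
    """Anomaly rule: fire when the current count deviates from the baseline
    for this hour by more than z standard deviations, in either direction,
    so a sudden drop is flagged as well as a spike."""
    mu, sigma = baseline_for_hour(history, hour)
    sigma = max(sigma, 1.0)  # floor so a perfectly flat baseline still scores sanely
    return abs(count - mu) / sigma > z

def threshold_rule(count, limit=100):
    """Static threshold rule: fire only when the count exceeds a fixed limit,
    regardless of time of day or of what is normal for this hour."""
    return count > limit

def evaluate(history, hour, count):
    """Run both rules on one observation and return their verdicts."""
    return {"anomaly": anomaly_rule(history, hour, count),
            "threshold": threshold_rule(count)}

if __name__ == "__main__":
    # 43 failed logons is ordinary at 14:00 but a clear spike at 03:00; the
    # static threshold misses the night-time spike entirely.
    for hour, count in ((14, 43), (3, 43), (14, 0), (14, 120)):
        print(f"hour={hour:02d} count={count:3d} -> {evaluate(history=HISTORY, hour=hour, count=count)}")
```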
ImGonnaPassIt
5 months, 2 weeks ago
Selected Answer: A
Agree. Anomaly is the answer and 'spikes' is the keyword.
upvoted 1 times
3000bd6
7 months, 1 week ago
Selected Answer: A
It's anomaly; the keyword is "spikes".
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%)