Exam 350-201 topic 1 question 3 discussion

Actual exam question from Cisco's 350-201
Question #: 3
Topic #: 1

A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled. Which activity triggered the behavior analytics tool?

  • A. accessing the Active Directory server
  • B. accessing the server with financial data
  • C. accessing multiple servers
  • D. downloading more than 10 files
Suggested Answer: C

Comments

DrVoIP
1 year, 1 month ago
All the dumps seem to share a common root source and all seem to contain the same wrong answers. Having just taken this exam, I can say that this dump is so out of date as to be almost worthless for other than a study guide.
upvoted 1 times
sz3cur3
10 months ago
Hi, did you pass the exam? Which dump was used as the primary one? Planning to take the exam within a week. Thanks.
upvoted 4 times
DrVoIP
1 year, 2 months ago
Based on the information provided, the activity that most likely triggered the behavior analytics tool is: B. Accessing the server with financial data. The behavior analytics tool likely detected suspicious activity when the threat actor attempted to access the server with corporate financial data, which triggered the system to disconnect the session and disable the administrator's account. This response suggests that the system detected and responded to the threat actor's behavior, indicating that a behavior analytics tool was in place. Accessing the Active Directory server and multiple servers could be considered suspicious activity, but not necessarily indicative of a threat. Downloading more than 10 files may also be considered suspicious, but it is less likely to be the specific trigger for the behavior analytics tool in this scenario.
upvoted 1 times
Medjai89
1 year, 4 months ago
I also believe it's B, because financial data is most likely under PAM (Privileged Access Management). If an admin can access this financial data, that would be dangerous. Only privileged users can access financial data, so the answer must be B...
upvoted 1 times
TOLU1985
1 year, 7 months ago
Selected Answer: C
All dump sites show the same answer - accessing multiple servers, so it's probably the correct one
upvoted 1 times
CiscoTester
2 years, 5 months ago
I believe the answer is B... If you have admin then it is normal to jump through many RDPs for many tasks; an admin in a financial server would be more suspicious. Accessing multiple servers would probably raise many false positive alerts and disabled accounts.
upvoted 4 times