Exam 350-201 topic 1 question 64 discussion

Actual exam question from Cisco's 350-201
Question #: 64
Topic #: 1

An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)

  • A. domain belongs to a competitor
  • B. log in during non-working hours
  • C. email forwarding to an external domain
  • D. log in from a first-seen country
  • E. increased number of sent mails
Suggested Answer: BD

Comments

27ea763
4 months, 4 weeks ago
Selected Answer: BD
Going with BD as well
upvoted 1 times
...
Deco123
7 months, 2 weeks ago
It's C & E, the answer is in the question. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out.
upvoted 1 times
...
jay_c_an
1 year ago
C and D. We operate in world time, so non-working hours in the US don't equate. Hard to track all the competitors.
upvoted 1 times
...
DrVoIP
1 year, 4 months ago
The two behaviors that triggered UEBA are: B. Log in during non-working hours E. Increased number of sent mails - ChatGPT
upvoted 1 times
...
ETSec
1 year, 5 months ago
My answer is B. log in during non-working hours and C. email forwarding to an external domain.

UEBA (User and Entity Behavior Analytics) is a security technique that uses machine learning algorithms to identify abnormal behavior within an organization's network. In this scenario, two behaviors that likely triggered a UEBA alert are the employee logging in during non-working hours and forwarding an increased amount of emails to an external mail domain. These behaviors deviate from the employee's normal patterns of activity and may indicate an attempt to exfiltrate sensitive information to a competitor.

A. domain belongs to a competitor is not a behavior; it's information that's used in the investigation process. D. log in from a first-seen country and E. increased number of sent mails can also be important indicators, but they are not enough to trigger UEBA alerts.
upvoted 1 times
...
balhimoh
1 year, 5 months ago
It's C and E
upvoted 1 times
...
Medjai89
1 year, 5 months ago
C & D. B is pointless if an employee works "often" in other countries... Please read the question. First country & external domain is the answer.
upvoted 1 times
...
cbr01
1 year, 8 months ago
I will choose C, E, because these two conditions together trigger the alert.
upvoted 1 times
...
TOLU1985
1 year, 8 months ago
Selected Answer: BD
C is pointless.
upvoted 1 times
...
jaciro11
1 year, 9 months ago
Selected Answer: BD
UEBA (User and Entity Behavior Analytics) (D). log in from a first-seen country User Behavior (B). log in during non-working hours User Behavior (C). email forwarding to an external domain This shit doesn't make sense... UEBA IS User and Entity Behavior Analytics, REMEMBER!!
upvoted 3 times
...
AlphaOne1
1 year, 11 months ago
Could be AC https://docs.splunksecurityessentials.com/content-detail/flight_risk_email/
upvoted 1 times
...
maxson69
2 years, 6 months ago
Confirmed it's CD
upvoted 1 times
...
Bobster02
2 years, 6 months ago
I agree 100%
upvoted 1 times
...
CiscoTester
2 years, 6 months ago
The employee travels often, he's probably used to working after work hours (not B). It would be a pain to feed all competitor domains to UEBA. That was just a surprising conclusion, not behavior. I think it's CD
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other