Exam 350-201 topic 1 question 40 discussion

Actual exam question from Cisco's 350-201
Question #: 40
Topic #: 1

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

  • A. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period
  • B. Create a rule triggered by 1 successful VPN connection from any nondestination country
  • C. Create a rule triggered by multiple successful VPN connections from the destination countries
  • D. Analyze the logs from all countries related to this user during the traveling period
Suggested Answer: B
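The rule behind option B, written out as an added detection example (not part of the exam page): a successful VPN login from any country outside the allow-list of home country plus the three announced destinations raises a high-priority alert, and the travel window and working hours the question mentions are used as lower-priority context signals. The user name, countries, dates, working hours and log records are all constructed for the example; the log format is assumed to be one dict per VPN event.

```python
"""Added example: the option-B detection rule over constructed VPN events.
Assumptions (not from the page): events are dicts with user, ISO 8601 UTC
timestamp, ISO 3166-1 alpha-2 source country and a success/failure result;
working hours are expressed in UTC.
"""
from datetime import datetime, timedelta, timezone

HOME = "GB"                                   # UK-based user
DESTINATIONS = {"FR", "DE", "ES"}             # constructed 3-country itinerary
TRAVEL_START = datetime(2024, 3, 1, tzinfo=timezone.utc)
TRAVEL_END = TRAVEL_START + timedelta(days=60)  # the 60-day travel period
WORK_HOURS = (8, 18)                          # 08:00-18:00 UTC, constructed

# Constructed sample VPN log records for the user
EVENTS = [
    {"user": "alice", "ts": "2024-03-05T09:15:00Z", "country": "FR", "result": "success"},
    {"user": "alice", "ts": "2024-03-06T10:00:00Z", "country": "GB", "result": "success"},
    {"user": "alice", "ts": "2024-03-07T11:30:00Z", "country": "BR", "result": "success"},
    {"user": "alice", "ts": "2024-03-08T03:00:00Z", "country": "DE", "result": "success"},
    {"user": "alice", "ts": "2024-03-09T12:00:00Z", "country": "RU", "result": "failure"},
    {"user": "alice", "ts": "2024-06-01T09:00:00Z", "country": "ES", "result": "success"},
]


def parse_ts(s):
    """Parse the constructed 'YYYY-MM-DDTHH:MM:SSZ' timestamp as UTC."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate(events, user, home, destinations, start, end, work_hours):
    """Return (rule_name, event) pairs for the given user's VPN events."""
    allowed = {home} | set(destinations)      # where a login is expected at all
    alerts = []
    for e in events:
        # Option B keys on *successful* logins; failures belong to other rules.
        if e["user"] != user or e["result"] != "success":
            continue
        ts = parse_ts(e["ts"])
        in_window = start <= ts < end
        in_hours = work_hours[0] <= ts.hour < work_hours[1]
        if e["country"] not in allowed:
            # The option-B rule: one success from a non-destination country.
            alerts.append(("NON_DESTINATION_COUNTRY", e))
        elif e["country"] in destinations and not in_window:
            # Destination country, but outside the announced 60 days.
            alerts.append(("DESTINATION_OUTSIDE_TRAVEL_WINDOW", e))
        elif e["country"] in destinations and not in_hours:
            # Expected country, unexpected hour: context signal, lower priority.
            alerts.append(("OUTSIDE_WORKING_HOURS", e))
    return alerts


def run():
    return evaluate(EVENTS, "alice", HOME, DESTINATIONS, TRAVEL_START, TRAVEL_END, WORK_HOURS)
```

The home-country login during the travel window is deliberately not flagged here; whether "at home while announced abroad" deserves its own rule is a policy decision the question does not settle.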

Comments

TrainingTeam
6 months, 2 weeks ago
Selected Answer: B
To detect abnormal behavior for a UK-based user traveling between three countries, creating a rule that triggers an alert for a successful VPN connection from any nondestination country is an effective strategy. This rule helps in identifying potential unauthorized access or compromised credentials if the user's account is accessed from a location where they are not supposed to be.
upvoted 1 times
DrVoIP
2 years, 2 months ago
Option C would be the best approach in this scenario. The analyst should create a rule triggered by multiple successful VPN connections from the destination countries to detect abnormal behavior. By monitoring the VPN connections from the user's known destination countries, the SOC team can identify any unauthorized access attempts from other locations. This would help detect and prevent any potential security incidents related to the user's travel. Options A and B may generate false positives, and Option D may not be practical due to the large volume of logs to analyze. - ChatGPT
upvoted 1 times
masterchief8047
2 years, 4 months ago
D is the right answer.
upvoted 1 times
masterchief8047
2 years, 4 months ago
I take it back. B is the right answer.
upvoted 2 times
TOLU1985
2 years, 7 months ago
Selected Answer: B
Correct answer is B. Why does nobody correct the wrong answers here?
upvoted 2 times
jaciro11
2 years, 8 months ago
Selected Answer: B
B is the answer.
upvoted 1 times
germx
3 years, 4 months ago
I think it's B
upvoted 1 times
greeklover84
3 years, 4 months ago
I think it is D.
upvoted 1 times
greeklover84
3 years, 4 months ago
Sorry, my mistake... yes, B. I misread the question.
upvoted 1 times
Community vote distribution

  • A (35%)
  • C (25%)
  • B (20%)
  • Other