Exam 350-201 topic 1 question 113 discussion

Actual exam question from Cisco's 350-201
Question #: 113
Topic #: 1

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?

  • A. Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
  • B. Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
  • C. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
  • D. Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.
Suggested Answer: A

Comments

germx
Highly Voted 3 years ago
C is correct
upvoted 6 times
marceus
Most Recent 4 months, 2 weeks ago
Selected Answer: C
ChatGPT: The unusual network activity occurring every Sunday night from global locations outside the service area suggests a potential unauthorized access attempt or misconfiguration. The engineer should analyze SIEM and StealthWatch logs to determine the access points, services involved, and whether this activity is malicious. Cross-correlating other events will help in identifying any related security incidents. If the activity is deemed malicious, the next step should be blocking unauthorized traffic and strengthening access controls.
upvoted 1 times
Alizade
1 year ago
Selected Answer: C
C. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
upvoted 1 times
DrVoIP
1 year, 10 months ago
The next steps the engineer must take are to define the access points using StealthWatch or SIEM logs, understand the services being offered during the hours in question, and cross-correlate other source events. This will help to identify the root cause of the abnormal network activity, determine if it is malicious or not, and take appropriate action to address the issue. Simply accepting the SIEM issue as valid to avoid alerts from triggering on weekends or assigning the issue to the incident handling provider without further investigation may leave the organization vulnerable to potential threats. - ChatGPT
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other