Exam 312-85 topic 1 question 15 discussion

Actual exam question from ECCouncil's 312-85
Question #: 15
Topic #: 1

Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular login patterns from locations where the organization does not have business relations. This suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

  • A. Unusual outbound network traffic
  • B. Unexpected patching of systems
  • C. Unusual activity through privileged user account
  • D. Geographical anomalies
Suggested Answer: D

Comments

Bigbear246
Highly Voted 1 year, 8 months ago
The correct answer is D - Geographical Anomalies:
• Geographical anomalies: Analysts monitor the network access and collect the data related to access requests from unidentified and unusual geographical locations. The unusual login or access request from the geographical locations where the organization has no usual business to carry out indicates compromise in the network.
upvoted 6 times
...
BionicBeaver
Most Recent 11 months ago
Selected Answer: D
Answer is D, as per Module 04, Page 355 of the CTIA Courseware.
upvoted 1 times
...
Anzk
11 months, 2 weeks ago
Answer is D. Reference on page 126, EC Council courseware.
upvoted 2 times
...
keloki2020
11 months, 4 weeks ago
Answer is D: Geographical Anomalies. "Geographical Anomalies: Irregular login patterns can be used as evidence of compromise. Login attempts from locations where the organization does not have business relations resemble that confidential information being stolen. Analyzing multiple logins from different locations in a short time span tagged with the location may reveal evidence of compromise."
upvoted 1 times
...
LordXander
1 year, 2 months ago
Selected Answer: C
No mention of a privileged account
upvoted 1 times
...
Art007
1 year, 5 months ago
Selected Answer: D
Would also have to go with Geographical anomalies as there is no mention of privileged accounts in the question and the logins come from multiple geographical locations.
upvoted 3 times
...
pinguin666
1 year, 8 months ago
Selected Answer: D
Geographical anomalies as it comes from multiple countries and locations. Nothing mentioned about PRIVILEGED account either.
upvoted 4 times
...
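
The two checks described in the question and comments (logins from locations where the organization has no business relations, and one account logging in from different locations in a short time span), shown as an added detection example that is not part of the original discussion or the courseware. The login records, the country list, the one-hour window and all function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample authentication events: (ISO timestamp, user, country code).
SAMPLE_LOGINS = [
    ("2024-03-01T08:00:00", "steve", "GB"),
    ("2024-03-01T08:20:00", "steve", "BR"),   # different country 20 minutes later
    ("2024-03-01T09:00:00", "alice", "GB"),
    ("2024-03-01T17:30:00", "alice", "GB"),
    ("2024-03-02T10:00:00", "bob", "AU"),     # country outside the business list
    ("2024-03-02T23:00:00", "steve", "GB"),   # location change, but hours apart
]

# Assumption: countries where the organization has business relations.
BUSINESS_COUNTRIES = {"GB", "IE", "BR"}
# Assumption: what counts as a "short time span" between two logins.
WINDOW = timedelta(hours=1)


def find_geo_anomalies(logins, business_countries=BUSINESS_COUNTRIES, window=WINDOW):
    """Return findings as (timestamp, user, kind, detail), in time order."""
    findings = []
    last_seen = {}  # user -> (datetime, country) of that user's previous login
    for ts, user, country in sorted(logins):
        when = datetime.fromisoformat(ts)
        # Check 1: login from a location with no business relations.
        if country not in business_countries:
            findings.append((ts, user, "non_business_location", country))
        # Check 2: same account, different location, within the window.
        prev = last_seen.get(user)
        if prev and prev[1] != country and when - prev[0] <= window:
            detail = f"{prev[1]}->{country} in {when - prev[0]}"
            findings.append((ts, user, "rapid_location_change", detail))
        last_seen[user] = (when, country)
    return findings


if __name__ == "__main__":
    for finding in find_geo_anomalies(SAMPLE_LOGINS):
        print(*finding, sep=" | ")
```

In practice the country would come from a GeoIP lookup on the source address, so VPN and proxy exits need to be accounted for before treating a finding as evidence of compromise.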