Cisco Exam 350-201 Topic 10 Question 90 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 90
Topic #: 10

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service are

a. What are the next steps the engineer must take?

AAssign the issue to the incident handling provider because no suspicious activity has been observed during business hours.

BReview the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.

CDefine the access points using StealthWatch or SIEM logs, understand services being offered during the hours in Question:, and cross-correlate other source events.

DTreat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

Show Suggested Answer

Suggested Answer: A, D

by Lonny at Jun 22, 2024, 02:59 AM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jutta

20 hours ago

Calling the incident handling provider? That's like calling the plumber to fix your computer. I think the engineer should use their investigative skills and get to the bottom of this.

upvoted 0 times

...

Alonso

9 days ago

Accepting this as a false positive is a terrible idea! That's like ignoring a fire alarm just because it's the weekend. Who knows what kind of havoc could be happening on the network.

upvoted 0 times

...

Keith

12 days ago

Option C seems like the most thorough approach. Defining the access points and understanding the services being offered during those hours will help pinpoint the root cause.

upvoted 0 times

...

Hildred

16 days ago

I believe defining the access points using StealthWatch or SIEM logs is crucial to understand the services being offered during that time.

upvoted 0 times

...

In

20 days ago

I agree with Nobuko. Blocking all traffic and documenting the results is a good next step.

upvoted 0 times

...

Bobbye

22 days ago

The engineer should definitely investigate this further. Blocking all traffic without understanding the issue could disrupt legitimate business operations.

upvoted 0 times

...

Nobuko

28 days ago

I think the engineer should review the SIEM and FirePower logs.

upvoted 0 times

...