Cisco Exam 350-201 Topic 10 Question 90 Discussion

Actual exam question for Cisco's 350-201 exam
Question #: 90
Topic #: 10

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?

Suggested Answer: A, D

Contribute your Thoughts:

Pearline
2 months ago
Option B is a bit extreme, like using a sledgehammer to crack a nut. The engineer should definitely dig deeper and get a clear understanding of what's going on before taking drastic action.
upvoted 0 times
Frederick
8 days ago
Option B is a bit extreme, like using a sledgehammer to crack a nut. The engineer should definitely dig deeper and get a clear understanding of what's going on before taking drastic action.
upvoted 0 times
...
Jutta
15 days ago
C) Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
upvoted 0 times
...
Florinda
15 days ago
Option B is a bit extreme, like using a sledgehammer to crack a nut. The engineer should definitely dig deeper and get a clear understanding of what's going on before taking drastic action.
upvoted 0 times
...
Lina
1 month ago
C) Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
upvoted 0 times
...
Herminia
1 month ago
A) Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
upvoted 0 times
...
Ettie
1 month ago
A) Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
upvoted 0 times
...
...
Jutta
2 months ago
Calling the incident handling provider? That's like calling the plumber to fix your computer. I think the engineer should use their investigative skills and get to the bottom of this.
upvoted 0 times
...
Alonso
2 months ago
Accepting this as a false positive is a terrible idea! That's like ignoring a fire alarm just because it's the weekend. Who knows what kind of havoc could be happening on the network.
upvoted 0 times
Arlyne
3 days ago
User 4: We should definitely define the access points and understand the services being offered during that time.
upvoted 0 times
...
Candra
7 days ago
User 3: Let's review the SIEM and FirePower logs to see what's going on.
upvoted 0 times
...
Kimberely
16 days ago
User 2: I agree, we can't just ignore unusual network activity.
upvoted 0 times
...
Selma
2 months ago
User 1: We need to take this seriously and investigate further.
upvoted 0 times
...
...
Keith
2 months ago
Option C seems like the most thorough approach. Defining the access points and understanding the services being offered during those hours will help pinpoint the root cause.
upvoted 0 times
Eleonore
1 month ago
User 2: I agree, but we should also define the access points using StealthWatch or SIEM logs to understand the services being offered during that time.
upvoted 0 times
...
Novella
1 month ago
User 1: I think we should review the SIEM and FirePower logs to block all traffic and document the results.
upvoted 0 times
...
...
Hildred
2 months ago
I believe defining the access points using StealthWatch or SIEM logs is crucial to understand the services being offered during that time.
upvoted 0 times
...
In
2 months ago
I agree with Nobuko. Blocking all traffic and documenting the results is a good next step.
upvoted 0 times
...
Bobbye
2 months ago
The engineer should definitely investigate this further. Blocking all traffic without understanding the issue could disrupt legitimate business operations.
upvoted 0 times
Ressie
18 days ago
A) Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
upvoted 0 times
...
Amie
19 days ago
The engineer should definitely investigate this further. Blocking all traffic without understanding the issue could disrupt legitimate business operations.
upvoted 0 times
...
Lorean
23 days ago
B) Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
upvoted 0 times
...
Zana
1 month ago
C) Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
upvoted 0 times
...
...
Nobuko
3 months ago
I think the engineer should review the SIEM and FirePower logs.
upvoted 0 times
...
