Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 350-201 Topic 9 Question 102 Discussion

Actual exam question for Cisco's 350-201 exam
Question #: 102
Topic #: 9
[All 350-201 Questions]

Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Freeman at Nov 15, 2024, 04:07 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Delmy
5 months ago
I'm gonna go with compromised root access. Who needs a database or network when you can just log in as an admin, right? *laughs* But seriously, this sounds like a classic case of privileged account abuse.
upvoted 0 times
Jame
4 months ago
D) compromised network
upvoted 0 times
...
Pauline
4 months ago
C) compromised database tables
upvoted 0 times
...
Paris
4 months ago
B) compromised root access
upvoted 0 times
...
Shayne
4 months ago
A) compromised insider
upvoted 0 times
...
...
Kattie
5 months ago
I dunno, this one's tricky. Could be a compromised insider, could be a network issue. Gonna need to do some more digging to figure this one out. *scratches head* Maybe the engineer should try turning it off and on again?
upvoted 0 times
...
Leatha
5 months ago
I'm not sure, but compromised network also seems like a possible answer.
upvoted 0 times
...
Shonda
5 months ago
I agree with Miss, the creation date matching suspicious network traffic points to an insider threat.
upvoted 0 times
...
Leonor
5 months ago
Definitely a compromised insider. The timing and the privileges of the users are a dead giveaway. Gotta stay vigilant against those inside jobs, you know?
upvoted 0 times
...
Jenifer
5 months ago
Hmm, I'd say it's a compromised insider here. The suspicious username creation and network traffic points to an internal threat, not a database or network compromise.
upvoted 0 times
Dominga
4 months ago
B) compromised root access
upvoted 0 times
...
Carolann
5 months ago
Yes, I agree. The evidence points to an insider threat.
upvoted 0 times
...
Ashlyn
5 months ago
A) compromised insider
upvoted 0 times
...
...
Miss
5 months ago
I think the answer is A) compromised insider.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77