Cisco Exam 350-201 Topic 9 Question 102 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 102
Topic #: 9

Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

Acompromised insider

Bcompromised root access

Ccompromised database tables

Dcompromised network

Show Suggested Answer

Suggested Answer: D

by Freeman at Nov 15, 2024, 04:07 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Leatha

8 days ago

I'm not sure, but compromised network also seems like a possible answer.

upvoted 0 times

...

Shonda

10 days ago

I agree with Miss, the creation date matching suspicious network traffic points to an insider threat.

upvoted 0 times

...

Leonor

14 days ago

Definitely a compromised insider. The timing and the privileges of the users are a dead giveaway. Gotta stay vigilant against those inside jobs, you know?

upvoted 0 times

...

Jenifer

15 days ago

Hmm, I'd say it's a compromised insider here. The suspicious username creation and network traffic points to an internal threat, not a database or network compromise.

upvoted 0 times

Ashlyn

5 days ago

A) compromised insider

upvoted 0 times

...

Miss

23 days ago

I think the answer is A) compromised insider.

upvoted 0 times

...