350-201 Free Practice Test

An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)

1. A. domain belongs to a competitor
2. B. log in during non-working hours
3. C. email forwarding to an external domain
4. D. log in from a first-seen country
5. E. increased number of sent mails

Correct Answer: AB

An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?

1. A. Host a discovery meeting and define configuration and policy updates
2. B. Update the IDS/IPS signatures and reimage the affected hosts
3. C. Identify the systems that have been affected and tools used to detect the attack
4. D. Identify the traffic with data capture using Wireshark and review email filters

Correct Answer: C