
Exam 350-201 All Questions


Cisco CyberOps Professional 350-201 Question # 36 Topic 4 Discussion

Question #: 36
Topic #: 4

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization’s service area. What are the next steps the engineer must take?


A. Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.

B. Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.

C. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.

D. Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

