Having the names of the 3 destination countries and the user’s working hours, what must the analyst do next to detect an abnormal behavior?

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days.

Having the names of the 3 destination countries and the user’s working hours, what must the analyst do next to detect an abnormal behavior?
A . Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period
B . Create a rule triggered by 1 successful VPN connection from any nondestination country
C . Create a rule triggered by multiple successful VPN connections from the destination countries
D . Analyze the logs from all countries related to this user during the traveling period

Answer: D

Latest 350-201 Dumps Valid Version with 139 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments