How should the workflow be improved to resolve these issues?

350-201 0 Comments

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials .

How should the workflow be improved to resolve these issues?
A . Meet with privileged users to increase awareness and modify the rules for threat tags
and anomalous behavior alerts
B . Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
C . Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
D . Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

Answer: B

Latest 350-201 Dumps Valid Version with 139 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 350-201 PDF     350-201 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments