Cisco Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT) 300-740 Question # 6 Topic 1 Discussion
Refer to the exhibit. An engineer is investigating an unauthorized connection issue using Cisco Secure Cloud Analytics. Which two actions must be taken? (Choose two.)
The Secure Cloud Analytics alert shows heartbeat-style (regularly timed) connections from an internal server (ip-10-201-0-16) to multiple suspicious external IPs over UDP port 53 (DNS). Periodic beaconing from one host to several destinations on the DNS port is a pattern consistent with command-and-control (C2) or botnet communication.
B: Alerting the incident response (IR) team is the critical next step for escalating a verified threat, as described in SCAZT Section 6 (Threat Response, Pages 114–117).
D: Blocking the identified malicious IPs on perimeter firewalls or network access control devices is an appropriate containment step that disrupts the communication channel.
Reinstalling the host (A/E) is premature before a forensic investigation has established the scope of the compromise. Validating IDS logs (C) is useful corroboration but is not an immediate response action compared with B and D.
[Reference: Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT), Section 6, Pages 114–117]
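The detection signal behind this kind of alert is timing regularity: one source talking to several destinations on the same port at near-constant intervals. The script below is an added example and is not Cisco Secure Cloud Analytics code, nor does it reproduce that product's detection logic; it runs a simple beaconing check over a constructed sample of NetFlow-style records. The source and destination addresses, the 60-second period, and the thresholds (`min_flows`, `max_cv`, `min_peers`) are assumptions chosen for the illustration, not values from the exhibit.

```python
"""Heartbeat (beaconing) detector over constructed flow records.

Added example: not Cisco Secure Cloud Analytics code. It shows the generic
signal such an alert is built on: periodic flows from one internal host to
several destinations on UDP/53.
"""
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_flows():
    """Constructed sample: (timestamp_seconds, src, dst, proto, dst_port).

    10.201.0.16 sends one packet roughly every 60 s to three external hosts
    on UDP/53 (the beaconing host), while 10.201.0.40 resolves names at
    irregular intervals like a normal workstation. All addresses are
    documentation/placeholder ranges, not indicators from the exhibit.
    """
    flows = []
    for dst in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        for i in range(10):
            # alternating 59 s / 61 s gaps: jittered but still periodic
            flows.append((1000 + i * 60 + (i % 2), "10.201.0.16", dst, "UDP", 53))
    for t in (1003, 1010, 1250, 1251, 1600, 1999, 2450, 2460, 2900):
        flows.append((t, "10.201.0.40", "10.201.0.2", "UDP", 53))
    for t in (1100, 1700, 2800):
        flows.append((t, "10.201.0.40", "198.51.100.5", "UDP", 53))
    return flows


SAMPLE_FLOWS = build_sample_flows()


def interval_regularity(timestamps):
    """Coefficient of variation of the inter-arrival gaps (low = periodic).

    Needs at least three timestamps (two gaps); returns None otherwise.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def find_dns_heartbeats(flows, min_flows=5, max_cv=0.1, min_peers=2):
    """Report sources that beacon periodically to several UDP/53 destinations.

    Flows are grouped per (src, dst) pair on UDP/53; a pair counts as
    periodic when it has at least `min_flows` records and the gap
    coefficient of variation is at most `max_cv`. A source is reported when
    it has `min_peers` or more periodic destinations.
    Returns {src: sorted list of dst}.
    """
    per_pair = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        if proto == "UDP" and port == 53:
            per_pair[(src, dst)].append(ts)

    periodic_peers = defaultdict(set)
    for (src, dst), stamps in per_pair.items():
        if len(stamps) < min_flows:
            continue
        cv = interval_regularity(stamps)
        if cv is not None and cv <= max_cv:
            periodic_peers[src].add(dst)

    return {src: sorted(dsts) for src, dsts in periodic_peers.items()
            if len(dsts) >= min_peers}


if __name__ == "__main__":
    for src, dsts in find_dns_heartbeats(SAMPLE_FLOWS).items():
        print(f"{src} beacons over UDP/53 to {len(dsts)} hosts: {', '.join(dsts)}")
```

On the constructed sample only 10.201.0.16 is reported: its alternating 59/61-second gaps give a coefficient of variation of about 0.017, while the workstation's irregular lookups score far above the 0.1 threshold and its three-flow pair to the external resolver never reaches `min_flows`. In a real deployment the thresholds would be tuned against the baseline of legitimate periodic DNS traffic (monitoring agents, license checks) to keep the false-positive rate acceptable before the IR escalation and blocking steps in answers B and D are triggered.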