Palo Alto Networks Cybersecurity Entry-Level Technician (PCCET) — Question 70
What should a security operations engineer do when reviewing suspicious, but successful, login activity?
Answer options
- A. Immediately disable the suspicious user until they conclude their investigation.
- B. Look for other types of suspicious activity in the moments before or after the login.
- C. Inspect the network firewall for any open ports and include those in their investigation.
- D. Review who else was logged in at the same time and inspect all active user accounts.
Correct answer: D
Explanation
The correct answer, D, is important because it helps to identify if the suspicious login is part of a larger pattern of unauthorized access. Option A is incorrect as disabling the user could disrupt legitimate activities and does not address the broader context. Option B, while relevant, does not focus on the user accounts involved, and option C pertains more to network security than user activity, which is the primary concern in this scenario.