Cisco 100-160 Exam - Topic 3 Question 15 Discussion

Actual exam question for Cisco's 100-160 exam

Question #: 15
Topic #: 3

A SOC analyst notices repeated failed login attempts from a foreign IP address followed by a successful login to a privileged account. What is the most appropriate next step?

AReset the affected user's password and investigate the scope of compromise.

BBlock all foreign IP addresses from accessing the network.

CRun a full vulnerability scan of the corporate network.

DIgnore the event unless it happens again.

Show Suggested Answer

Suggested Answer: A

The CCST Cybersecurity course highlights that signs of brute-force attacks followed by successful access require immediate account security actions and an investigation to determine if other systems were accessed.

'When suspicious login activity is detected, immediate containment steps such as password resets and log analysis are necessary to limit damage and identify the extent of the compromise.'

(CCST Cybersecurity, Incident Handling, Account Compromise Response section, Cisco Networking Academy)

by Leah at May 14, 2026, 01:28 AM

Limited Time Offer

25%

Off

Get Premium 100-160 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Dexter

12 days ago

I remember discussing how important it is to respond quickly to potential breaches, so I think resetting the password might be the best option.

upvoted 0 times

...