Cisco 100-160 Exam - Topic 2 Question 11 Discussion

Actual exam question for Cisco's 100-160 exam
Question #: 11
Topic #: 2

A SOC analyst notices repeated failed login attempts from a foreign IP address followed by a successful login to a privileged account. What is the most appropriate next step?

Suggested Answer: A

The CCST Cybersecurity course highlights that signs of brute-force attacks followed by successful access require immediate account security actions and an investigation to determine if other systems were accessed.

'When suspicious login activity is detected, immediate containment steps such as password resets and log analysis are necessary to limit damage and identify the extent of the compromise.'

(CCST Cybersecurity, Incident Handling, Account Compromise Response section, Cisco Networking Academy)
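
The log analysis step described above, sketched as an added example that is not part of the original page or the CCST course material: it flags a successful login preceded by a burst of failures from the same source, then lists every host the account reached afterwards to size the scope. The log format, the sample events, the threshold of 5 failures and the 10-minute window are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, account, target host, result
SAMPLE = """\
2024-05-01T02:10:01 203.0.113.7 admin vpn01 FAIL
2024-05-01T02:10:05 203.0.113.7 admin vpn01 FAIL
2024-05-01T02:10:09 203.0.113.7 admin vpn01 FAIL
2024-05-01T02:10:14 203.0.113.7 admin vpn01 FAIL
2024-05-01T02:10:20 203.0.113.7 admin vpn01 FAIL
2024-05-01T02:10:31 203.0.113.7 admin vpn01 OK
2024-05-01T02:14:02 203.0.113.7 admin db01 OK
2024-05-01T02:20:45 10.0.4.12 admin files01 OK
2024-05-01T08:01:00 10.0.2.5 jdoe mail01 FAIL
2024-05-01T08:01:20 10.0.2.5 jdoe mail01 OK
"""

def parse(text):
    """Turn whitespace-separated log lines into time-ordered event tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, host, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, host, result))
    return sorted(events)

def find_compromises(events, threshold=5, window=timedelta(minutes=10)):
    """Return (time, ip, user) for each success that follows at least
    `threshold` failures from the same IP on the same account within `window`."""
    fails = defaultdict(list)
    hits = []
    for ts, ip, user, _host, result in events:
        key = (ip, user)
        if result == "FAIL":
            fails[key].append(ts)
            continue
        recent = [t for t in fails[key] if ts - t <= window]
        if len(recent) >= threshold:
            hits.append((ts, ip, user))
        fails[key].clear()  # a success resets the failure streak
    return hits

def scope(events, hit):
    """Hosts the account logged in to at or after the flagged success,
    from any source address, since the credential itself is suspect."""
    start, _ip, user = hit
    return sorted({h for ts, _, u, h, r in events
                   if u == user and r == "OK" and ts >= start})
```

A single mistyped password followed by a success (the `jdoe` lines) stays below the threshold and is not flagged.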


This kind of scenario came up in our practice exam, and I think the right move is to investigate the scope of the compromise first.
upvoted 0 times
...
Ozell
5 days ago
I'm not entirely sure, but blocking all foreign IPs seems too extreme. What if we accidentally block legitimate traffic?
upvoted 0 times
...
Sabine
10 days ago
I remember we discussed how important it is to respond quickly to potential breaches, so I think resetting the password might be the best option.
upvoted 0 times
...
