Exam 300-740 Topic 7 Question 106 Discussion

Actual exam question for Cisco's 300-740 exam
Question #: 106
Topic #: 7

Refer to the exhibit. An engineer is investigating an issue by using Cisco Secure Cloud Analytics. The engineer confirms that the connections are unauthorized and informs the incident management team. Which two actions must be taken next? (Choose two.)

A. Reinstall the host from a recent backup. B. Quarantine the host C. Reinstall the host from scratch. D. Create a firewall rule that has a source of linux-gcp-east-4c, a destination of Any, and a protocol of SSH. E. Create a firewall rule that has a source of Any, a destination of linux-gcp-east-4c, and a protocol of SSH.

Suggested Answer: B,E Vote an answer

Based on the alert of "Geographically Unusual Remote Access" from Secure Cloud Analytics and the SSH logs from foreign IPs, this device (linux-gcp-east-4c) has likely been compromised. According to SCAZT Section 6: Threat Response (Pages 114-117):
B: Isolating/quarantining the host is an immediate incident response step to prevent lateral movement and data exfiltration.
E: A firewall rule blocking inbound SSH to the GCP VM from external sources would be the appropriate access control response to prevent recurrence.
Options A and C (reinstallation) may be used later during recovery but are not immediate containment steps.
Blocking outgoing SSH (Option D) is less relevant than restricting inbound SSH in this scenario.
Reference: Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT), Threat Response, Pages 114-117

by Giselle at Jun 23, 2026, 09:54 AM

Limited Time Offer

15%

Off

Get Premium 300-740 Questions as Interactive Self Test Engine or PDF

Comments

Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

RECENT DISCUSSIONS

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.