Q: 13
An employee who often travels abroad logs in from a first-seen country during non-working hours.
The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an
external mail domain and then logs out. The investigation concludes that the external domain
belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)
Options
Discussion
B and D. Saw a similar scenario mentioned in some exam report; both are classic UEBA triggers.
Probably B and D. The logins outside normal hours and from a first-seen country are clear UEBA triggers, since they flag deviations from usual behavior. Nice straightforward scenario for analyzing user risk patterns here.