Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 350-201 Topic 6 Question 84 Discussion

Actual exam question for Cisco's 350-201 exam
Question #: 84
Topic #: 6
[All 350-201 Questions]

The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Virgie at Apr 13, 2024, 01:22 AM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Felicidad
5 months ago
Post-incident activity is important too to ensure that lessons are learned and future incidents are prFelicidadnted.
upvoted 0 times
...
Laura
5 months ago
I think detection and analysis should come before containment to understand the full scope of the incident.
upvoted 0 times
...
Elly
5 months ago
I agree with Dortha, containment is crucial at this stage to prevent any additional damage.
upvoted 0 times
...
Cordelia
5 months ago
That makes sense, but I think eradication and recovery should also be considered to fully eliminate the malware.
upvoted 0 times
...
Dortha
6 months ago
I believe the next step should be containment to prevent further spread of the malware.
upvoted 0 times
...
Cordelia
6 months ago
What do you think is the next step after identifying the attacking host in an incident response?
upvoted 0 times
...
Trinidad
6 months ago
Post-incident activity is important for lessons learned and improving future responses.
upvoted 0 times
...
Thora
6 months ago
Detection and analysis should also be done to understand the full scope of the attack.
upvoted 0 times
...
Lawana
6 months ago
I believe eradication and recovery should come after containment to prevent further damage.
upvoted 0 times
...
Amber
6 months ago
But shouldn't we first eradicate and recover from the attack?
upvoted 0 times
...
Marta
7 months ago
I agree, containing the malware should be the priority.
upvoted 0 times
...
Chanel
7 months ago
I think the next step should be containment.
upvoted 0 times
...
Vivienne
8 months ago
Haha, I'm just imagining the SOC analyst jumping for joy after stopping the malware, then immediately having to deal with all the paperwork for post-incident activity.
upvoted 0 times
...
Carlee
8 months ago
Definitely C. I mean, once you've got the bad guy cornered, you don't just leave him free to cause more chaos. Gotta put him in the timeout corner, you know?
upvoted 0 times
...
Adell
8 months ago
Yeah, I think C is the correct answer. The SOC has already done the detection and analysis, so the next step is to contain the threat and prevent it from spreading further.
upvoted 0 times
...
Cory
8 months ago
But wait, what about B) post-incident activity? Couldn't that be the next step since the malware has already been stopped and the host identified?
upvoted 0 times
...
Shay
8 months ago
I agree, containment makes the most sense here. We need to ensure the infected host is isolated and the threat is contained before we can move on to the eradication and recovery phase.
upvoted 0 times
...
Leontine
8 months ago
Hmm, this seems like a straightforward incident response question. The malware has been detected and stopped, so the next logical step would be containment, right?
upvoted 0 times
Josue
6 months ago
User 4
upvoted 0 times
...
Leota
7 months ago
User 2
upvoted 0 times
...
Franklyn
7 months ago
User 1
upvoted 0 times
...
...
Nana
8 months ago
Yeah, I was thinking the same thing. Identifying the attacking host means they need to dig deeper and analyze the situation before moving on to eradication and recovery.
upvoted 0 times
...
Lawrence
8 months ago
I'm not so sure about that. The question also mentions the analyst identified the attacking host, so maybe the next step is D) detection and analysis to further investigate the incident.
upvoted 0 times
Eric
8 months ago
D) detection and analysis
upvoted 0 times
...
Nidia
8 months ago
C) containment
upvoted 0 times
...
Loise
8 months ago
B) post-incident activity
upvoted 0 times
...
Bette
8 months ago
A) eradication and recovery
upvoted 0 times
...
...
Chanel
8 months ago
Hmm, I think it might be C) containment. The question says the analyst was able to stop the malware from spreading, so the next step would be to contain the threat, right?
upvoted 0 times
...
Johnathon
8 months ago
Ugh, this question seems so tricky! I'm not sure which answer is the correct next step in the incident response workflow.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77