Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 350-201 Topic 7 Question 80 Discussion

Actual exam question for Cisco's 350-201 exam
Question #: 80
Topic #: 7
[All 350-201 Questions]

The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Rolland at Jan 28, 2024, 12:57 AM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Romana
6 months ago
You know, I've been scratching my head on this one too. But I think the answer has to be C) containment. We can't just jump straight to eradication and recovery without making sure the threat is fully contained, can we? That's just asking for trouble.
upvoted 0 times
Cassi
5 months ago
Containment is the first line of defense in incident response.
upvoted 0 times
...
Bo
5 months ago
After containment, we can proceed with eradication and recovery.
upvoted 0 times
...
Jamal
5 months ago
Containment buys us time to analyze the situation thoroughly.
upvoted 0 times
...
Kenda
5 months ago
Let's focus on limiting the spread of the malware before we move on to eradication.
upvoted 0 times
...
Jani
5 months ago
Containment also allows for a more controlled approach to recovery.
upvoted 0 times
...
Paris
5 months ago
Once we have the threat contained, we can work on eradicating it.
upvoted 0 times
...
Devora
5 months ago
I agree, containment is crucial to prevent further damage.
upvoted 0 times
...
...
Brittni
6 months ago
Haha, you guys are really overthinking this, aren't you? It's clearly post-incident activity. We've already done the hard work of identifying and containing the threat, so now it's time to document the whole process, learn from our mistakes, and make sure this doesn't happen again.
upvoted 0 times
...
Lyndia
6 months ago
I don't know, man. I was thinking maybe eradication and recovery would be the way to go. I mean, we've already detected and analyzed the threat, so now it's time to get rid of that nasty malware and restore the system to its former glory.
upvoted 0 times
...
Helene
6 months ago
Whoa, this question is tricky! I mean, we've already identified the malware and stopped it from spreading, so I think the next logical step would be containment, don't you guys think? We need to make sure that host is isolated and the threat is fully contained before we can move on to the next phase.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77