Exam 200-201 topic 1 question 218 discussion

Actual exam question from Cisco's 200-201
Question #: 218
Topic #: 1

The SOC team has confirmed a potential indicator of compromise on an isolated endpoint. The team has narrowed the potential malware type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling the event?

  • A. Perform an AV scan on the infected endpoint.
  • B. Isolate the infected endpoint from the network.
  • C. Prioritize incident handling based on the impact.
  • D. Analyze the malware behavior.
Suggested Answer: D

Comments

sheyshey
6 days, 23 hours ago
Selected Answer: D
I'll vote D.
upvoted 2 times
Faio
3 months ago
Answer: D - identifying comes before containing. SANS Incident Response Steps: Step #1: Preparation. Step #2: Identification. Step #3: Containment. Step #4: Eradication. Step #5: Recovery. Step #6: Lessons Learned.
upvoted 1 times
SecurityGuy
3 months, 3 weeks ago
Selected Answer: D
Keyword: Isolated endpoint. Since it is already isolated, the next step would be to analyze the malware's behavior to know what files or data it infects or how it infects the victim computer.
upvoted 4 times
Swordfishtaco
5 months, 2 weeks ago
Selected Answer: D
The keyword is "isolated endpoint", so now you can analyze.
upvoted 4 times
slippery31
6 months ago
Collect public information on the malware behavior.
upvoted 1 times
blackmetal
6 months, 3 weeks ago
Selected Answer: C
C. Prioritize incident handling based on the impact. In this step, the SOC team needs to assess the potential impact of the incident to determine its severity and prioritize their response accordingly. They consider factors such as the criticality of the affected system, the sensitivity of the data, and the potential for further spread or damage. By prioritizing incident handling based on impact, the team can allocate resources effectively and focus their efforts on containing and mitigating the most significant threats first. This step helps ensure an efficient and effective incident response process.
upvoted 1 times
drdecker100
9 months, 3 weeks ago
Selected Answer: B
Isolating the endpoint from the network is important to prevent the malware from spreading and potentially infecting other endpoints or systems. After isolating the endpoint, the SOC team can perform an AV scan on the infected endpoint and analyze the malware behavior to determine the extent of the compromise and develop an appropriate response plan.
upvoted 4 times
Community vote distribution: A (35%), C (25%), B (20%)