
Exam 350-201 topic 1 question 95 discussion

Actual exam question from Cisco's 350-201
Question #: 95
Topic #: 1

DRAG DROP -

Refer to the exhibit. The Cisco Secure Network Analytics (Stealthwatch) console alerted with `New Malware Server Discovered` and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.
Select and Place:

Suggested Answer:

Comments

maxson69
Highly Voted 2 years ago
CiscoTester
6 days, 2 hours ago
Found the real answer on that link... Step 1 = Investigate and classify the exposure; Step 2 = Search for infected hosts; Step 3 = Examine returned reports; Step 4 = Investigate infected hosts; Step 5 = Execute Rapid Threat Containment (RTC solution is planned to work automatically by integrating products together). https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/pdf/BRKSEC-3014.pdf
upvoted 6 times
chongchangchi
1 year, 9 months ago
correct
upvoted 2 times
jay_c_an
Most Recent 9 months ago
I think the answer is correct based on link below. https://frsecure.com/malware-incident-response-playbook/
upvoted 1 times
jay_c_an
9 months ago
Confusing, shouldn't it start with investigate infected host since IOC with C2 activity is detected?
upvoted 1 times
DrVoIP
9 months, 4 weeks ago
Investigate infected hosts Search for infected hosts Investigate and classify the exposure Examine returned results Execute rapid threat containment - ChatGPT
upvoted 1 times
Bobster02
2 years ago
Step 1 = Execute Rapid Threat Containment (RTC solution is planned to work automatically by integrating products together); Step 2 = Search for infected hosts; Step 3 = Examine returned reports; Step 4 = Investigate infected hosts; Step 5 = Investigate and classify the exposure
upvoted 1 times
Bobster02
2 years ago
My version is: 1. Search for infected Host 2. Execute rapid threat containment 3. Investigate infected Host 4. Investigate and classify exposure 5. Examine returned results
upvoted 2 times
jay_c_an
5 months ago
Bobster sounds right based on the link below. https://frsecure.com/malware-incident-response-playbook/
upvoted 1 times