Exam 200-201 topic 1 question 264 discussion

Actual exam question from Cisco's 200-201
Question #: 264
Topic #: 1

An engineer is working on a ticket for an incident from the incident management team. A week ago, an external web application was targeted by a DDoS attack. Server resources were exhausted and after two hours, it crashed. An engineer was able to identify the attacker and technique used. Three hours after the attack, the server was restored and the engineer recommended implementing mitigation by Blackhole filtering and transferred the incident ticket back to the IR team. According to NIST.SP800-61, at which phase of the incident response did the engineer finish work?

  • A. post-incident activity
  • B. preparation
  • C. detection and analysis
  • D. containment, eradication, and recovery
Suggested Answer: D

Comments

036e554
2 weeks, 2 days ago
Selected Answer: D
In the Scenario: The engineer identified the attacker and technique → Detection & Analysis. The server was restored → Recovery phase. Mitigation (Blackhole filtering) was recommended → Containment. The ticket was handed off afterward — indicating completion of this phase. ✅ Therefore, the engineer finished during: D. Containment, Eradication, and Recovery.
upvoted 1 times
2c44ebe
1 month, 2 weeks ago
Selected Answer: A
Since the engineer restored the server (recovery) and recommended a mitigation for the future (which will be implemented as part of future recovery and preparedness), their direct work in incident response was completed during the Containment, Eradication, and Recovery phase. The responsibility for subsequent actions (implementation of blackhole filtering, post-incident analysis) lies with the incident response team.
upvoted 1 times
2c44ebe
1 month ago
Sorry, answer is D
upvoted 1 times
imbatnom
8 months, 1 week ago
Is D correct? It seems it may be A.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other