
Exam 200-201 topic 1 question 280 discussion

Actual exam question from Cisco's 200-201
Question #: 280
Topic #: 1

A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints, via Cisco StealthWatch. What are the two next steps of the SOC team according to the NIST.SP800-61 incident handling process? (Choose two.)

  • A. Update antivirus signature databases on affected endpoints to block connections to C&C.
  • B. Isolate affected endpoints and take disk images for analysis.
  • C. Block connection to this C&C server on the perimeter next-generation firewall.
  • D. Provide security awareness training to HR managers and employees.
  • E. Detect the attack vector and analyze C&C connections.
Suggested Answer: BE

Comments

e7ae798
6 months, 2 weeks ago
Selected Answer: BC
Since the SOC has already detected the established connection to the C&C server, I think the next step would be isolating and connection blocking.
upvoted 2 times

Community vote distribution: A (35%), C (25%), B (20%), Other