Exam 350-201 topic 1 question 6 discussion

Actual exam question from Cisco's 350-201
Question #: 6
Topic #: 1

The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?

  • A. Determine the assets to which the attacker has access
  • B. Identify assets the attacker handled or acquired
  • C. Change access controls to high risk assets in the enterprise
  • D. Identify movement of the attacker in the enterprise
Suggested Answer: D

Comments

ShammaA
10 months, 2 weeks ago
Selected Answer: D
Answer is D, the simplest logic is that the attacker is already in the premises so you can't say "A" is an answer because the attacker has followed an "authorized individual" so he basically piggybacked him to enter -- the best answer would be to track him down.
upvoted 1 times
...
DrVoIP
1 year, 3 months ago
At this stage, the following step should be taken: D. Identify movement of the attacker in the enterprise. The first step in responding to any security incident is to identify the scope and extent of the incident. In this case, an unauthorized individual followed an authorized individual to enter a secured premise. Therefore, the security specialist should identify the movement of the attacker in the enterprise, including where the attacker went and what the attacker did while on the premises. Once the movement of the attacker is identified, the security specialist can take appropriate action to contain the incident and minimize any damage or risk. The other options (A, B, and C) may also be important steps in a larger incident response plan, but they are not the appropriate next step in this specific scenario.
upvoted 1 times
...
jaciro11
1 year, 9 months ago
Selected Answer: D
D is the answer
upvoted 2 times
TOLU1985
1 year, 8 months ago
Hi, did you pass the exam recently? Are these questions the same as on the exam? Please share feedback.
upvoted 1 times
Medjai89
1 year, 5 months ago
No, new questions on the exam. Wait for updates.
upvoted 1 times
balhimoh
1 year, 5 months ago
Hello, did you pass the exam recently with this dump? The questions are not correct at all in this dump. Can you please confirm? Thanks!
upvoted 1 times
...
...
...
...
CiscoTester
2 years, 6 months ago
"documented & given to analyze", which steps taken at this stage? It doesn't confirm an attacker exists (not A) and I wouldn't change anything until I have finished analyzing (Not C). First identify where the person has been, who they are, etc. He might be the new guy and you are labeling him as an attacker. If he seems unusual/mischievous then proceed with ABC. My Answer is: D
upvoted 2 times
...
Bobster02
2 years, 7 months ago
Hello J-Dub. Not yet. How about you?
upvoted 1 times
...
Bobster02
2 years, 10 months ago
My choice is C: Change access controls to high risk assets in the enterprise.
upvoted 1 times
J_Dub
2 years, 8 months ago
Have you taken the 350-201 exam yet?
upvoted 1 times
...
J_Dub
2 years, 8 months ago
Hello Bobster02.
upvoted 1 times
...
...