
Exam 300-215 topic 1 question 31 discussion

Actual exam question from Cisco's 300-215
Question #: 31
Topic #: 1

An incident response team is recommending changes after analyzing a recent compromise in which:
✑ a large number of events and logs were involved;
✑ team members were not able to identify the anomalous behavior and escalate it in a timely manner;
✑ several network systems were affected as a result of the latency in detection;
✑ security engineers were able to mitigate the threat and bring systems back to a stable state; and
✑ the issue reoccurred shortly after and systems became unstable again because the correct information was not gathered during the initial identification phase.
Which two recommendations should be made for improving the incident response process? (Choose two.)

  • A. Formalize reporting requirements and responsibilities to update management and internal stakeholders throughout the incident-handling process effectively.
  • B. Improve the mitigation phase to ensure causes can be quickly identified, and systems returned to a functioning state.
  • C. Implement an automated operation to pull systems events/logs and bring them into an organizational context.
  • D. Allocate additional resources for the containment phase to stabilize systems in a timely manner and reduce an attack's breadth.
  • E. Modify the incident handling playbook and checklist to ensure alignment and agreement on roles, responsibilities, and steps before an incident occurs.
Suggested Answer: CE

Comments

Bobster02
2 years, 10 months ago
B fits better than E: "Improve the mitigation phase to ensure causes can be quickly identified, and systems returned to a functioning state."
upvoted 2 times
Enforc3r
10 months, 4 weeks ago
A problem wasn't with the mitigation phase, but the identification phase, so E is good.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other