
Exam 350-201 topic 1 question 33 discussion

Actual exam question from Cisco's 350-201
Question #: 33
Topic #: 1

The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?

  • A. Contain the malware
  • B. Install IPS software
  • C. Determine the escalation path
  • D. Perform vulnerability assessment
Suggested Answer: D 🗳️

Comments

TrainingTeam
6 months, 1 week ago
Selected Answer: A
According to the NIST incident handling guide, the steps for handling an incident include preparation, detection and analysis, containment, eradication, recovery, and post-incident activity. In the scenario described, the incident response team has detected the malware, eradicated it by removing the malware, and recovered by restoring the functionality and data of infected systems. However, the step of containment, which should occur before eradication and recovery to prevent the spread of malware and further damage, appears to have been missed. Containment strategies are crucial to limit the scope and magnitude of an incident.
upvoted 1 times
...
TrainingTeam
6 months, 3 weeks ago
Selected Answer: A
Correct answer is A
upvoted 1 times
...
DrVoIP
2 years, 2 months ago
D. Perform vulnerability assessment. After removing the malware and restoring the functionality and data of infected systems, the incident response team should perform a vulnerability assessment to identify the root cause of the incident and any other potential vulnerabilities that could lead to future incidents. This step is important to prevent future incidents and to improve the incident handling capability of the organization. Containment (A) is the initial step in the incident response process, and installing IPS software (B) can be a part of the containment or mitigation phase, depending on the specific incident. Determining the escalation path (C) is an important step in incident response, but it is not directly related to the handling of the current incident. Therefore, performing a vulnerability assessment (D) is the step that was missed in the incident response scenario according to the NIST incident handling guide. - ChatGPT
upvoted 1 times
...
Medjai89
2 years, 4 months ago
A, contain the malware https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
upvoted 2 times
...
TOLU1985
2 years, 7 months ago
Selected Answer: A
Correct answer is A.
upvoted 1 times
...
kyle942
2 years, 7 months ago
Selected Answer: C
Containment was missed https://www.cynet.com/incident-response/nist-incident-response/
upvoted 1 times
TOLU1985
2 years, 7 months ago
Why did you select C then, when containment is related to A?
upvoted 1 times
...
...
maxson69
3 years, 4 months ago
Yep, the Contain step is missing here. Answer is A.
upvoted 2 times
...
CiscoTester
3 years, 5 months ago
The fact that it says "IR team was notified" makes me think there has always been an escalation path. They removed the malware (eradicate), but did they fully contain it? Could it happen again? I think it's A.
upvoted 3 times
...
rhaphaexzzux
3 years, 6 months ago
C. Determine the escalation path
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other