A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?
A. Determine the systems involved and deploy available patches
B. Analyze event logs and restrict network access
C. Review access lists and require users to increase password complexity
D. Identify the attack vector and update the IDS signature list
ChatGPT: During the recovery stage of the incident response process, the focus is on restoring affected systems to a secure state and preventing reinfection.
At the recovery stage of an incident where a remote code execution attack has occurred in a company's infrastructure after a phishing email was used to deliver a file with an embedded macro, the following step should be taken:
A. Determine the systems involved and deploy available patches.
After an incident, it is essential to determine the scope of the attack, including which systems were involved and the extent of the damage. In this case, the first step in the recovery process should be to identify the affected systems and deploy available patches to prevent the attack from recurring and to address any vulnerabilities that were exploited.
The other answers are also important steps in responding to the incident, but they are not specific to the recovery stage. These steps can be taken earlier in the incident response process to help identify and contain the attack, but at the recovery stage the focus is on restoring affected systems and preventing the attack from recurring. - ChatGPT
The most common attack vectors include malware, viruses, email attachments, web pages, pop-ups, instant messages, text messages, and social engineering. However, the number of cyber threats continues to grow as cybercriminals look to exploit unpatched or zero-day vulnerabilities listed on CVE and the dark web, as there is no single solution for preventing every attack vector.
So for this question we need to know what happens in the NIST "recovery" stage: in recovery, administrators restore systems to normal operation, confirm that the systems are functioning normally, and (if applicable) remediate vulnerabilities to prevent similar incidents. Recovery may involve such actions as restoring systems from clean backups, rebuilding systems from scratch, replacing compromised files with clean versions, installing patches, changing passwords, and tightening network perimeter security (e.g., firewall rulesets, boundary router access control lists). Although the answer seen here is B, I also believe the answer is A.
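One of the recovery actions listed above, "replacing compromised files with clean versions", presupposes that you can find every remaining copy of the macro-bearing attachment on file shares and mailboxes. The following is an added example, not code from the original page, from the commenters, or from NIST SP 800-61: a scanner that flags Office documents carrying a VBA project. It assumes documents are either OOXML (zip-based .docm/.docx) or legacy OLE2 (.doc/.xls) files, builds its own sample documents in memory (constructed data, not captured from any real incident), and uses only the Python standard library. The OLE2 branch is a byte-string heuristic, not a full compound-file parser.

```python
"""Added example (not from the page or from NIST SP 800-61): find Office
documents that still carry a VBA macro project, so they can be replaced
with clean versions during the recovery stage.

Assumptions (illustrative):
- Inputs are OOXML (zip) or legacy OLE2 compound files.
- Sample documents below are constructed in memory, not real attachments.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
WORD_MAIN_TYPE = ("application/vnd.openxmlformats-officedocument."
                  "wordprocessingml.document.main+xml")


def has_vba_macro(data: bytes) -> bool:
    """Return True if the document bytes contain a VBA project.

    OOXML: a macro-enabled file carries a vbaProject.bin part and declares
    it in [Content_Types].xml. Both are checked because a renamed
    .docm -> .docx still contains the project; the extension proves nothing.
    OLE2: heuristic only. Storage names in the directory are UTF-16LE, so
    look for the "VBA" or "Macros" storage names in that encoding.
    """
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in ct:
                    return True
        return False
    if data.startswith(OLE2_MAGIC):
        return (b"V\x00B\x00A\x00" in data
                or b"M\x00a\x00c\x00r\x00o\x00s\x00" in data)
    return False


def build_ooxml(macro: bool) -> bytes:
    """Construct a minimal OOXML document in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        overrides = (f'<Override PartName="/word/document.xml" '
                     f'ContentType="{WORD_MAIN_TYPE}"/>')
        if macro:
            overrides += (f'<Override PartName="/word/vbaProject.bin" '
                          f'ContentType="{VBA_CONTENT_TYPE}"/>')
            # Placeholder blob standing in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\x01\x16\x01\x00constructed")
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.'
                    'openxmlformats.org/package/2006/content-types">'
                    f"{overrides}</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def build_ole2(macro: bool) -> bytes:
    """Construct a fake OLE2 header plus directory bytes (constructed sample)."""
    body = OLE2_MAGIC + b"\x00" * 64
    if macro:
        body += "Macros".encode("utf-16-le") + b"\x00" * 8
    return body + "WordDocument".encode("utf-16-le")


# Constructed inventory standing in for files recovered from a share.
SAMPLE_FILES = {
    "invoice.docm": build_ooxml(macro=True),
    "invoice_renamed.docx": build_ooxml(macro=True),   # renamed, still macro
    "report.docx": build_ooxml(macro=False),
    "legacy.doc": build_ole2(macro=True),
    "legacy_clean.doc": build_ole2(macro=False),
    "notes.txt": b"plain text, nothing to see here",
}


def scan_files(files: dict) -> list:
    """Return sorted names of documents that must be replaced or removed."""
    return sorted(name for name, data in files.items() if has_vba_macro(data))


if __name__ == "__main__":
    for name in scan_files(SAMPLE_FILES):
        print(f"macro project found: {name}")
```

Run against a real share, replace `SAMPLE_FILES` with a walk over the directory that reads each file's bytes; the point of checking the content types rather than the extension is that the attacker's renamed copy is caught alongside the original.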
Community vote distribution: A (35%), C (25%), B (20%), Other