Exam 350-201 topic 1 question 37 discussion

It doesn't mention any incidents, an alert could be the vendors 0day advisory. If there was an incident A,C,D would all be correct because it doesn't specify a IR phase. This time I will choose B

ChatGPT: In summary, determining usage helps prioritize the vulnerability's impact in the context of your organization, and it's the best first step to take after receiving the alert.

D. Implement restrictions within the VoIP VLANS After receiving an alert about a zero-day vulnerability affecting desktop phones, the engineer should immediately take action to mitigate the threat. One of the first steps in this process should be to implement restrictions within the VoIP VLANs to prevent unauthorized access and limit the scope of the attack. This could involve measures such as updating firewall rules, configuring access control lists, or isolating affected devices from the network until a patch can be applied. The engineer should also continue to monitor the situation and work with the vendor to identify and implement a patch as soon as possible. - ChatGPT

zero-day vulnerability have no patches yet, check if company is using affected products

Cisco playbook graph shows the floww: https://www.cisco.com/c/dam/en_us/about/security/images/csc_child_pages/white_papers/risk-triage-sir-flowchart.gif

A. https://handbook.sourcegraph.com/departments/security/vulnerability-management-process/

Guys, did any1 passed the exam ?

https://tools.cisco.com/security/center/resources/vulnerability_risk_triage.html#3

A best fits

Agree - first step always is correct identification of the problem.

A - Identification: Once a security breach has been detected, as much information as possible must be collected about it. What flaw did it exploit? What was its objective? Is it continuing to spread? Collect all the data provided by security tools and analyze it.

I think D is the correct answer.