
Exam 350-201 topic 1 question 60 discussion

Actual exam question from Cisco's 350-201
Question #: 60
Topic #: 1


Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

  • A. Exclude the step “BAN malicious IP” to allow analysts to conduct and track the remediation
  • B. Include a step “Take a Snapshot” to capture the endpoint state to contain the threat for analysis
  • C. Exclude the step “Check for GeoIP location” to allow analysts to analyze the location and the associated risk based on asset criticality
  • D. Include a step “Reporting” to alert the security department of threats identified by the SOAR reporting engine
Suggested Answer: A

Comments

maxson69
Highly Voted 2 years, 5 months ago
Answer is B
upvoted 6 times
jay_c_an
Most Recent 11 months ago
"solution is handling more threats than Security analysts have time to analyze" is saying they can't catch up. So how is sending a notification going to help? B.
upvoted 1 times
DrVoIP
1 year, 3 months ago
D. Include a step “Reporting” to alert the security department of threats identified by the SOAR reporting engine. By including a reporting step in the workflow, the SOAR solution can automatically generate reports on the threats that have been detected, allowing the security team to be proactive in identifying patterns and anticipating future attacks. This will help the team prioritize their time and focus on the most important threats, while still being able to respond quickly and effectively to any issues that arise. - ChatGPT
upvoted 1 times
TOLU1985
1 year, 7 months ago
Selected Answer: B
I was wrong, correct answer is B https://www.rapid7.com/globalassets/_long-form-pages/soar-playbook/rapid7-insightconnect-playbook-graphics_alert-enrichment2.jpg
upvoted 2 times
jaciro11
1 year, 8 months ago
Selected Answer: D
B is the job of the analyst, so I think that is converted. But I don't see any part of reporting in the Workflow, so I will go for D.
upvoted 1 times
Bobster02
2 years, 5 months ago
https://www.rapid7.com/info/security-orchestration-and-automation-playbook/
upvoted 3 times
dats
1 year, 7 months ago
I agree with this, Answer is B
upvoted 1 times
CiscoTester
2 years, 5 months ago
The workflow has what it needs to analyze, but yet the team can't anticipate attacks. To accomplish the goal you need to include reporting or alerts. I would place "Answer D." before the step "Allow analyst to contain" so they can acknowledge the attack and mitigate.
upvoted 1 times
chongchangchi
2 years, 1 month ago
I agree it is D. Security analyst is the keyword here "This solution is handling more threats than Security analysts have time to analyze."
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)