ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-201 All Questions

View all questions & answers for the 350-201 exam
Go to Exam

Exam 350-201 topic 1 question 137 discussion

Actual exam question from Cisco's 350-201
Question #: 137
Topic #: 1
[All 350-201 Questions]

After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?

  • A. Analyze the applications and services running on the affected workstation.
  • B. Compare workstation configuration and asset configuration policy to identify gaps.
  • C. Inspect registry entries for recently executed files.
  • D. Review audit logs for privilege escalation events.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Bobster02 at Nov. 29, 2021, 4:01 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
marceus
2 months, 3 weeks ago
Selected Answer: C
ChatGPT: the emphasis on inspecting registry entries for recently executed files as a first step in a forensic investigation is in line with Cisco’s best practices, focusing on identifying and analyzing indicators of compromise that can quickly lead you to identify and understand the malicious activity.
upvoted 1 times
...
TrainingTeam
6 months, 2 weeks ago
Selected Answer: C
After isolating the affected workstation in a malware incident, the next step in the investigation is to inspect the registry entries for recently executed files. This can provide clues about the malware's actions and potential persistence mechanisms. It's a critical step in understanding the scope of the breach and the methods used by the attacker
upvoted 1 times
...
DrVoIP
2 years, 2 months ago
All of the options could be valid next steps depending on the specific details of the incident and the investigator's strategy. However, in general, one common next step after isolating the affected workstation would be to analyze the applications and services running on it to identify any suspicious or unauthorized activity. - ChatGPT
upvoted 2 times
...
Medjai89
2 years, 4 months ago
C is correct. Windows registry is much more important than checking the services after a isolated workstation.
upvoted 1 times
...
Bobster02
3 years, 5 months ago
Selected Answer: A
A. Analyze the applications and services running on the affected workstation.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago