
Exam 350-201 topic 1 question 119 discussion

Actual exam question from Cisco's 350-201
Question #: 119
Topic #: 1

A SOC engineer discovers that the organization had three DDoS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer gain a comprehensive overview of the incident?

  • A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
  • B. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
  • C. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation steps.
  • D. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.
Suggested Answer: D

Comments

marceus
2 months, 3 weeks ago
Selected Answer: D
ChatGPT: This multi-faceted attack suggests a coordinated cyber campaign against the organization. The best approach is to use SOAR to gather security event data, analyze threat vectors, and define the root cause. By doing so, the engineer can understand the full scope of the attack, contain ongoing threats, and develop a mitigation plan to restore operations and prevent recurrence.
upvoted 1 times
TrainingTeam
6 months, 2 weeks ago
Selected Answer: A
To gain a comprehensive overview of the incident involving DDoS attacks and ransomware, the SOC engineer should run and evaluate a full packet capture on the workloads, review Security Information and Event Management (SIEM) logs, and define a root cause. This will help in understanding the nature of the attacks, the extent of the damage, and the vulnerabilities that were exploited.
upvoted 1 times
jay_c_an
1 year, 10 months ago
Running a full packet capture on a past event will not help so I think it is C.
upvoted 1 times
DrVoIP
2 years, 2 months ago
B. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps. - ChatGPT
upvoted 2 times
Medjai89
2 years, 4 months ago
Engineer wants to understand, not to mitigate/contain. So the answer is correct.
upvoted 4 times
jaciro11
2 years, 8 months ago
Selected Answer: C
It's C. I agree with germx.
upvoted 1 times
germx
3 years, 4 months ago
I'm confident C is correct.
upvoted 1 times
jaciro11
2 years, 8 months ago
Good analysis, bro.
upvoted 2 times
Mickers
2 years, 7 months ago
Why C and not B?
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other