
Exam 350-201 topic 1 question 22 discussion

Actual exam question from Cisco's 350-201
Question #: 22
Topic #: 1

A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

  • A. Assess the network for unexpected behavior
  • B. Isolate critical hosts from the network
  • C. Patch detected vulnerabilities from critical hosts
  • D. Perform analysis based on the established risk factors
Suggested Answer: B

Comments

Deco123
7 months ago
D is the correct answer; the first step is analysis before containment, and B says to isolate critical hosts, not infected hosts.
upvoted 1 times
ak_technonet
1 year ago
Selected Answer: B
Once you have identified true positive alerts, the first step is to isolate victim machines from the network, aka containment.
upvoted 1 times
DrVoIP
1 year, 3 months ago
Based on best practices for incident response, the first action for the incident response team should be to isolate critical hosts from the network. This is important to prevent the malware from spreading further and causing additional damage. Isolating critical hosts can involve disabling network connections, shutting down affected systems, or physically disconnecting the systems from the network. This step should be taken as soon as possible to limit the impact of the malware and prevent it from spreading to other systems or areas of the network. Once critical hosts have been isolated, the incident response team can then move on to other actions, such as assessing the network for unexpected behavior, patching detected vulnerabilities, or performing analysis based on established risk factors. Therefore, the correct answer is B. Isolate critical hosts from the network.
upvoted 1 times
TOLU1985
1 year, 8 months ago
Selected Answer: B
Isolate critical hosts from the network
upvoted 1 times
kyle942
1 year, 9 months ago
2. Identification—monitor IT systems and detect deviations from normal operations, and see if they represent actual security incidents. When an incident is discovered, collect additional evidence, establish its type and severity, and document everything.
upvoted 1 times
jaciro11
1 year, 9 months ago
For me it is D, Perform analysis based on the established risk factors. But I'm not totally sure.
upvoted 1 times
jaciro11
1 year, 9 months ago
Correct, Isolate: https://www.cynet.com/incident-response/incident-response-sans-the-6-steps-in-depth/
upvoted 1 times
Techieoflife
1 year, 10 months ago
Selected Answer: B
B is correct answer
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other