Exam 350-201 topic 1 question 20 discussion

Actual exam question from Cisco's 350-201
Question #: 20
Topic #: 1

DRAG DROP -
An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.
Select and Place:

Suggested Answer:

Comments

Geoaws
1 year ago
This dump is no longer valid. Took the exam yesterday and only around 8 of 101 questions were there.
upvoted 1 times
Vic25H
10 months ago
Did you pass?
upvoted 1 times
DrVoIP
1 year, 2 months ago
Collect log data: Collecting log data is the first step to understand the extent and nature of the incident, including the scope of unauthorized access and system changes that have occurred.
Identify systems to be taken offline: Identifying systems that have been compromised or exposed to the unauthorized software is crucial to prevent further damage and contain the incident.
Conduct content scans: Conducting content scans can help identify any other unauthorized software or malicious files that may have been installed on the network.
Request system patch: Requesting a system patch may help mitigate the vulnerability that led to the escalation of privilege attack, and prevent future attacks of a similar nature.
Reimage: Reimaging the affected system may be necessary if the system has been compromised to a degree that it cannot be remediated through other means.
It is important to note that the order of these activities may vary depending on the specifics of the incident, and they may need to be conducted concurrently to ensure a timely and effective response. - ChatGPT
upvoted 1 times
jaciro11
12 months ago
It's wrong. It may be ChatGPT, but why would you identify systems to be taken offline without conducting a content scan, and why would you do a system patch before you make a reimage... so?
upvoted 1 times
jay_c_an
11 months, 2 weeks ago
I believe the order needs to be: 1) Evidence collection - collect logs from sensors 2) Identify devices that need to be quarantined 3) Content scan for malware detection 4) Vendor patch 5) If patch didn't work, reimage.
upvoted 1 times