Exam 200-201 topic 1 question 224 discussion

Actual exam question from Cisco's 200-201
Question #: 224
Topic #: 1

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP800-61, in which phase of the incident response process is the analyst?

  • A. preparation
  • B. post-incident activity
  • C. containment, eradication, and recovery
  • D. detection and analysis
Suggested Answer: D

Comments

SecurityGuy
9 months, 3 weeks ago
Selected Answer: D
It asks which phase the Analyst is in. Given details:
  • notices a sudden surge of incoming traffic
  • detects unknown packets from unknown senders
  • learns that customers claim that they cannot access company servers
From the given details, the Analyst has just detected the Indicators of Compromise.
upvoted 2 times
alhamry
1 year, 1 month ago
Based on the information given, the analyst is in the detection and analysis phase of the incident response process. During this phase, the security analyst detects the incident and conducts an initial analysis to determine the nature of the incident. Therefore, the best answer is D.
upvoted 1 times
evaline12
1 year, 4 months ago
prioritization hasn't happened, so I'll also go with D, but it's up to the guy who put together the questions to decide lol
upvoted 1 times
MaliDong
1 year, 7 months ago
Selected Answer: D
I go with D.
upvoted 3 times
cy_analyst
1 year, 7 months ago
Selected Answer: D
It still needs more info to proceed; the "claims" are not enough to be in C.
upvoted 1 times
Ozair
1 year, 8 months ago
"After further investigation, the analyst learns that customers claim that they cannot access company servers." >>> That means analysis is being done. I think it should be C.
upvoted 4 times
weganos
1 year, 5 months ago
It's a confusing question. Since the question is in the present, not in the past, one could argue that the analyst hasn't moved on to the next phase. So it's still in the detection and analysis phase? Also, the customers' claims should be verified first.
upvoted 1 times