ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-201 All Questions

View all questions & answers for the 350-201 exam
Go to Exam

Exam 350-201 topic 1 question 118 discussion

Actual exam question from Cisco's 350-201
Question #: 118
Topic #: 1
[All 350-201 Questions]

The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information.
A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

  • A. eradication and recovery
  • B. post-incident activity
  • C. containment
  • D. detection and analysis
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by DrVoIP at Feb. 18, 2023, 4:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
marceus
4 months, 2 weeks ago
Selected Answer: A
ChatGPT: After the malware has been contained and the attacking host identified, the next logical step in the incident response workflow is eradication and recovery. This involves removing the malware from all affected systems and restoring the systems to a secure and operational state. It also includes ensuring that the systems are clean and no longer compromised.
upvoted 1 times
...
27ea763
5 months ago
Selected Answer: A
The containment was already done, the SOC analyst stopped the Malware from spreading, which means that they contained the attack. Logic option would be Eradication and Recovery as next step.
upvoted 1 times
...
jay_c_an
1 year ago
SOC analyst was able to stop the malware from spreading. This means containment is already in place so next step should be eradicate and recovery.
upvoted 1 times
jay_c_an
11 months, 3 weeks ago
Maybe C since attacking host has been identified.
upvoted 1 times
...
...
ak_technonet
1 year, 1 month ago
Selected Answer: C
The next step could be isolate
upvoted 2 times
...
DrVoIP
1 year, 4 months ago
The next step in the incident response workflow after stopping the malware from spreading and identifying the attacking host is containment. The goal of containment is to isolate and limit the impact of the incident to prevent further damage or data loss. - ChatGPT
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel