Cisco Exam 350-201 Topic 7 Question 80 Discussion

Actual exam question for Cisco's 350-201 exam
Question #: 80
Topic #: 7

The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

Suggested Answer: A

Contribute your Thoughts:

Romana
19 days ago
You know, I've been scratching my head on this one too. But I think the answer has to be C) containment. We can't just jump straight to eradication and recovery without making sure the threat is fully contained, can we? That's just asking for trouble.
upvoted 0 times
Cassi
1 day ago
Containment is the first line of defense in incident response.
upvoted 0 times
...
Bo
3 days ago
After containment, we can proceed with eradication and recovery.
upvoted 0 times
...
Jamal
4 days ago
Containment buys us time to analyze the situation thoroughly.
upvoted 0 times
...
Kenda
5 days ago
Let's focus on limiting the spread of the malware before we move on to eradication.
upvoted 0 times
...
Jani
6 days ago
Containment also allows for a more controlled approach to recovery.
upvoted 0 times
...
Paris
7 days ago
Once we have the threat contained, we can work on eradicating it.
upvoted 0 times
...
Devora
7 days ago
I agree, containment is crucial to prevent further damage.
upvoted 0 times
...
...
Brittni
20 days ago
Haha, you guys are really overthinking this, aren't you? It's clearly post-incident activity. We've already done the hard work of identifying and containing the threat, so now it's time to document the whole process, learn from our mistakes, and make sure this doesn't happen again.
upvoted 0 times
...
Lyndia
21 days ago
I don't know, man. I was thinking maybe eradication and recovery would be the way to go. I mean, we've already detected and analyzed the threat, so now it's time to get rid of that nasty malware and restore the system to its former glory.
upvoted 0 times
...
Helene
23 days ago
Whoa, this question is tricky! I mean, we've already identified the malware and stopped it from spreading, so I think the next logical step would be containment, don't you guys think? We need to make sure that host is isolated and the threat is fully contained before we can move on to the next phase.
upvoted 0 times
...
