Cisco 200-201 Question #304: Real Exam Question with Answer & Explanation
Submitted by hans_de · Mar 6, 2026 · Category: Security Policies and Procedures
Question
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints, via Cisco StealthWatch. What are the two next steps of the SOC team according to the NIST SP 800-61 incident handling process? (Choose two.)
Options
- A. Update antivirus signature databases on affected endpoints to block connections to C&C.
- B. Isolate affected endpoints and take disk images for analysis.
- C. Block connection to this C&C server on the perimeter next-generation firewall.
- D. Provide security awareness training to HR managers and employees.
- E. Detect the attack vector and analyze C&C connections.
Topics: Incident Response, NIST SP 800-61, Containment, Analysis