200-201 Question #479: Real Exam Question with Answer & Explanation
The correct answer is D: Analyze the malware behavior.
Question
The SOC team has confirmed a potential indicator of compromise on an isolated endpoint. The team has narrowed the potential malware type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling the event?
Options
- A. Perform an AV scan on the infected endpoint.
- B. Isolate the infected endpoint from the network.
- C. Prioritize incident handling based on the impact.
- D. Analyze the malware behavior.
Explanation
Once a potential indicator of compromise has been confirmed and the type of malware has been narrowed down, the next step is to conduct a detailed analysis of the malware's behavior. This involves examining the characteristics, functionalities, and potential impact of the trojan family. Analyzing the malware's behavior helps in understanding its capabilities, methods of operation, and potential risks posed to the network or affected systems, aiding in formulating an effective response strategy.