nerdexam
Cisco

200-201 Question #554: Real Exam Question with Answer & Explanation

Submitted by carlos_mx · Mar 6, 2026 · Host-Based Analysis

Question

Refer to the exhibit. A security analyst wraps up the shift and passes open ticket notes to the night shift SOC team analyst. The ticket name in QUESTION 5 is "Investigating suspicious activity on a Windows Server". Which operating system components must the analyst prioritize to uncover the attacker's persistence mechanisms?

Options

  • A. Review the Windows Defender setup and failed login attempts in Event Viewer.
  • B. Investigate the Task Scheduler entries and Windows Defender settings.
  • C. Analyze the Windows Registry changes and Task Scheduler tasks.
  • D. Focus on the user account log-ins and delete newly added Run keys in the registry.

Topics

#Windows persistence  #registry analysis  #Task Scheduler  #host forensics