nerdexam
Cisco

210-255 · Question #1

Which option can be addressed when using retrospective security techniques?

The correct answer is B. how the malware entered our network. Retrospective security techniques analyze stored historical network data to determine how a threat initially entered the network, enabling post-incident investigation.

Security Monitoring

Question

Which option can be addressed when using retrospective security techniques?

Options

  • Aif the affected host needs a software update
  • Bhow the malware entered our network
  • Cwhy the malware is still in our network
  • Dif the affected system needs replacement

How the community answered

(22 responses)
  • A
    9% (2)
  • B
    86% (19)
  • D
    5% (1)

Why each option

Retrospective security techniques analyze stored historical network data to determine how a threat initially entered the network, enabling post-incident investigation.

Aif the affected host needs a software update

Determining whether a host needs a software update is a patch management and vulnerability remediation task, not an output of retrospective security analysis.

Bhow the malware entered our networkCorrect

Retrospective security uses previously captured network traffic, logs, and telemetry to trace the attack path backward in time and identify the initial entry point of malware or an attacker. This backward-looking capability is the defining function of retrospective analysis, allowing investigators to answer questions about intrusion vectors that real-time detection missed at the time of occurrence.

Cwhy the malware is still in our network

Investigating why malware remains active in a network is an active incident response and containment activity, not addressed through historical retrospective analysis.

Dif the affected system needs replacement

Deciding whether an affected system needs replacement is a post-analysis remediation and recovery decision, not a function of retrospective security techniques.

Concept tested: Retrospective security for post-incident threat tracing

Source: https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/index.html

Topics

#retrospective analysis#malware investigation#incident forensics#network security

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice