210-255 · Question #1
Which option can be addressed when using retrospective security techniques?
The correct answer is B. how the malware entered our network. Retrospective security techniques analyze stored historical network data to determine how a threat initially entered the network, enabling post-incident investigation.
Question
Which option can be addressed when using retrospective security techniques?
Options
- Aif the affected host needs a software update
- Bhow the malware entered our network
- Cwhy the malware is still in our network
- Dif the affected system needs replacement
How the community answered
(22 responses)- A9% (2)
- B86% (19)
- D5% (1)
Why each option
Retrospective security techniques analyze stored historical network data to determine how a threat initially entered the network, enabling post-incident investigation.
Determining whether a host needs a software update is a patch management and vulnerability remediation task, not an output of retrospective security analysis.
Retrospective security uses previously captured network traffic, logs, and telemetry to trace the attack path backward in time and identify the initial entry point of malware or an attacker. This backward-looking capability is the defining function of retrospective analysis, allowing investigators to answer questions about intrusion vectors that real-time detection missed at the time of occurrence.
Investigating why malware remains active in a network is an active incident response and containment activity, not addressed through historical retrospective analysis.
Deciding whether an affected system needs replacement is a post-analysis remediation and recovery decision, not a function of retrospective security techniques.
Concept tested: Retrospective security for post-incident threat tracing
Source: https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/index.html
Topics
Community Discussion
No community discussion yet for this question.