Cisco
210-255 · Question #132
210-255 Question #132: Real Exam Question with Answer & Explanation
The correct answer is D: Threat actor distribution.
Security Policies and Procedures
Question
What is the process of remediating the network and systems and/or reconstructing so the responsible threat actor can be revealed?
Options
- A. Data analysis
- B. Assets distribution
- C. Evidence collection
- D. Threat actor distribution
Explanation
In this exam context, threat actor distribution refers to the process of remediating and reconstructing compromised systems specifically to attribute the attack to the responsible party.
Common mistakes.
- A. Data analysis refers to examining already-collected forensic artifacts for patterns and findings, not the act of remediating or rebuilding systems.
- B. Assets distribution is not a recognized incident response or forensic process related to system remediation or threat attribution.
- C. Evidence collection is the phase of gathering digital artifacts from compromised systems, which precedes and is distinct from the remediation and reconstruction process.
Concept tested. Incident response remediation and threat actor attribution
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
#threat actor attribution, #incident response, #network remediation, #attack reconstruction