Cisco
210-255 Question #141: Real Exam Question with Answer & Explanation
The correct answer is C: threat actor attribution. Threat actor attribution is the process of reconstructing an attack and analyzing evidence to identify the responsible party. It combines forensic analysis and network remediation to trace the origin of an incident.
Security Policies and Procedures
Question
Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?
Options
- A. data analytics
- B. asset attribution
- C. threat actor attribution
- D. evidence collection
Explanation
Threat actor attribution is the process of reconstructing an attack and analyzing evidence to identify the responsible party. It combines forensic analysis and network remediation to trace the origin of an incident.
Common mistakes.
- A. Data analytics is a broad discipline for processing and interpreting data sets, not a defined process for reconstructing attacks and identifying threat actors.
- B. Asset attribution refers to identifying ownership or responsibility for a given IT asset, not tracing the source of an attack.
- D. Evidence collection is the act of gathering forensic artifacts and logs, which is a precursor step to attribution rather than the attribution process itself.
Concept tested. Threat actor attribution in incident response
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
#threat actor attribution #incident response #attack reconstruction #network remediation