nerdexam
Cisco

210-255 · Question #142

What can be addressed when using retrospective security techniques?

The correct answer is B. what system are affected. Retrospective security techniques analyze historical network telemetry and logs to determine the scope of an incident after it has occurred. This allows analysts to identify which systems were impacted.

Security Monitoring

Question

What can be addressed when using retrospective security techniques?

Options

  • Aif the affected host needs a software update
  • Bwhat system are affected
  • Cif the affected system needs replacement
  • Dwhy the malware is still in our network

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    92% (35)
  • C
    5% (2)

Why each option

Retrospective security techniques analyze historical network telemetry and logs to determine the scope of an incident after it has occurred. This allows analysts to identify which systems were impacted.

Aif the affected host needs a software update

Whether an affected host needs a software update is a remediation decision, not an insight derived from replaying historical traffic data.

Bwhat system are affectedCorrect

Retrospective security works by replaying or re-examining captured network flows, logs, and events from the past to understand what occurred during an incident. A primary outcome of this analysis is determining the scope of compromise - specifically which systems were affected by a given threat or malware campaign. This is possible because the historical data provides a complete record of lateral movement and communications.

Cif the affected system needs replacement

Determining if a system needs physical replacement is a hardware lifecycle decision that falls outside the scope of retrospective traffic analysis.

Dwhy the malware is still in our network

Retrospective analysis looks at past recorded events and cannot determine the current, real-time presence of malware still active in the network.

Concept tested: Retrospective security analysis and scope determination

Source: https://www.cisco.com/c/en/us/products/security/stealthwatch/index.html

Topics

#retrospective analysis#incident response#affected systems#security monitoring

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice