210-255 · Question #142
What can be addressed when using retrospective security techniques?
The correct answer is B. what system are affected. Retrospective security techniques analyze historical network telemetry and logs to determine the scope of an incident after it has occurred. This allows analysts to identify which systems were impacted.
Question
What can be addressed when using retrospective security techniques?
Options
- Aif the affected host needs a software update
- Bwhat system are affected
- Cif the affected system needs replacement
- Dwhy the malware is still in our network
How the community answered
(38 responses)- A3% (1)
- B92% (35)
- C5% (2)
Why each option
Retrospective security techniques analyze historical network telemetry and logs to determine the scope of an incident after it has occurred. This allows analysts to identify which systems were impacted.
Whether an affected host needs a software update is a remediation decision, not an insight derived from replaying historical traffic data.
Retrospective security works by replaying or re-examining captured network flows, logs, and events from the past to understand what occurred during an incident. A primary outcome of this analysis is determining the scope of compromise - specifically which systems were affected by a given threat or malware campaign. This is possible because the historical data provides a complete record of lateral movement and communications.
Determining if a system needs physical replacement is a hardware lifecycle decision that falls outside the scope of retrospective traffic analysis.
Retrospective analysis looks at past recorded events and cannot determine the current, real-time presence of malware still active in the network.
Concept tested: Retrospective security analysis and scope determination
Source: https://www.cisco.com/c/en/us/products/security/stealthwatch/index.html
Topics
Community Discussion
No community discussion yet for this question.