nerdexam
Cisco

210-255 · Question #88

What is the process of remediation the system from attack so that responsible threat actor can be revealed?

The correct answer is A. Validating the Attacking Host's IP Address. Validating the attacking host's IP address is the foundational remediation step used to confirm the attack source, enabling attribution of the responsible threat actor.

Security Policies and Procedures

Question

What is the process of remediation the system from attack so that responsible threat actor can be revealed?

Options

  • AValidating the Attacking Host's IP Address
  • BResearching the Attacking Host through Search Engines.
  • CUsing Incident Databases.
  • DMonitoring Possible Attacker Communication Channels.

How the community answered

(34 responses)
  • A
    85% (29)
  • B
    3% (1)
  • C
    3% (1)
  • D
    9% (3)

Why each option

Validating the attacking host's IP address is the foundational remediation step used to confirm the attack source, enabling attribution of the responsible threat actor.

AValidating the Attacking Host's IP AddressCorrect

Validating the attacking host's IP address involves confirming and verifying the source IP through logs, network captures, and reverse lookups to establish an accurate, authoritative record of the attacker's origin. This is a prerequisite step during post-incident remediation because a verified IP address is required before any further investigative, legal, or counter-action can be reliably pursued against the responsible threat actor.

BResearching the Attacking Host through Search Engines.

Researching the attacking host through search engines is an OSINT technique performed after the attacking IP is already validated, making it a secondary investigative step rather than the initial remediation action.

CUsing Incident Databases.

Using incident databases helps correlate known indicators of compromise against a previously identified host but depends on a validated identifier rather than being the starting point of remediation.

DMonitoring Possible Attacker Communication Channels.

Monitoring possible attacker communication channels is a threat intelligence and surveillance activity that follows initial host identification and does not constitute the first step to reveal the responsible threat actor.

Concept tested: Incident response attribution via attacking host IP validation

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#incident response#IP attribution#threat actor identification#remediation

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice