300-215 Question #60: Real Exam Question with Answer & Explanation
The correct answer is C: method of infection employed by the ransomware.
Question
An organization fell victim to a ransomware attack that successfully infected 256 hosts within its network. In the aftermath of this incident, the organization's cybersecurity team must prepare a thorough root cause analysis report. This report aims to identify the primary factor or factors that led to the successful ransomware attack and to develop strategies for preventing similar incidents in the future. In this context, what should the cybersecurity engineer include in the root cause analysis report to demonstrate the underlying cause of the incident?
Options
- A. log files from each of the 256 infected hosts
- B. detailed information about the specific team members involved in the incident response effort
- C. method of infection employed by the ransomware
- D. complete threat intelligence report shared by the National CERT Association
Explanation
A root-cause analysis must trace back to how the ransomware actually entered the environment, whether via phishing, exploit kit, RDP compromise, etc., so that you can close that specific delivery vector and prevent future outbreaks.