
350-201(NEW-127Q) Question #101: Real Exam Question with Answer & Explanation


Incident Management and Response

Question

A SOC team receives multiple alerts from a rule that detects requests to malicious URLs. The rule also informs the incident response team to block the malicious URLs requested on the firewall. However, the incident response team is often overwhelmed with alerts and may not be able to block the malicious URLs in a timely manner. The organization has a policy that requires that all malicious URLs be blocked within 1 minute of being detected. Which action should a SOC team recommend to improve the effectiveness of the process?

Options

  • A. Create an automation script that sends an automated email to the incident response team with a list of all malicious URLs that have been detected.
  • B. Implement a new rule that blocks all requests to malicious URLs, regardless of whether the incident response team has been notified.
  • C. Implement a new rule that blocks all requests to malicious URLs, but only for users who have been previously flagged by the incident response team.
  • D. Integrate the SOC team's SOAR platform with the firewall to automate the process of blocking malicious URLs.


Topics

  • SOAR Automation
  • Incident Response
  • Threat Blocking
  • SOC Operations