Cisco


350-201(NEW-127Q) Question #107: Real Exam Question with Answer & Explanation


Incident Response and Management

Question

A company was breached by phishing emails by a third-party partner email domain. Multiple employees were infected by ransomware. The incident response team detected the breach after data on the critical server became encrypted and web applications crashed. Security engineers requested recovery actions for affected servers. According to incident response processes, which two steps were missed by security staff? (Choose two.)

Options

  • A. Perform an investigation and prepare an incident report for the CISO.
  • B. Block connections to C&C and decrypt the data on endpoints.
  • C. Block the compromised domain and quarantine the infected endpoint.
  • D. Request that an external security vendor perform forensics actions.
  • E. Determine the attack source and IOCs of the breach.


Topics

#Incident Response · #Containment · #Endpoint Quarantine · #C&C Blocking