Cisco
350-201(NEW-127Q) · Question #22
350-201(NEW-127Q) Question #22: Real Exam Question with Answer & Explanation
Sign in or unlock 350-201(NEW-127Q) to reveal the answer and full explanation for question #22. The question stem and answer options stay visible for context.
Incident Response and Threat Investigation
Question
In a corporate environment, a cybersecurity analyst is responsible for investigating a potential intrusion on laptop endpoints. Abnormally detection systems have raised concerns about unusual activities on several laptops, which suggests a possible security breach. In this scenario, which steps should the cybersecurity analyst recommend to investigate the potential laptop endpoint intrusion effectively?
Options
- AInitiate a system-wide backup of laptop data to preserve evidence for forensic analysis.
- BCollect and analyze laptop logs and artifacts, paying attention to unusual activities, unauthorized access, and potential indicators of compromise.
- CPerform a comprehensive vulnerability assessment on all laptops to identify potential entry points for the intrusion.
- DIsolate all affected laptops from the network to prevent further communication with the attacker.
Unlock 350-201(NEW-127Q) to see the answer
You've previewed enough free 350-201(NEW-127Q) questions. Unlock 350-201(NEW-127Q) for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#Incident Investigation#Log Analysis#Indicators of Compromise#Evidence Collection