Cisco


350-201(NEW-127Q) Question #24: Real Exam Question with Answer & Explanation


Incident Response and Management

Question

A security analyst received an alert from a SIEM platform that one of their organization's servers, with the serial number 34E93G0947LBJK60, has been compromised by a malicious actor. The analyst immediately initiated the incident response plan and started analyzing the logs to identify the source of the attack. During the investigation, the analyst discovered that the attacker had successfully exfiltrated sensitive customer data. What are the next steps the security analyst should take?

Options

  • A. Communicate with the attacker to negotiate the return of the exfiltrated customer data from server 34E93G0947LBJK60.
  • B. Measure the impact of the data breach and assess the potential risk to the organization.
  • C. Report to the incident response team and initiate remediation actions to contain the attack.
  • D. Escalate the issue to the executive management for guidance on communication with affected customers.


Topics

#Incident Response #Data Breach #Containment #Remediation