
350-201(NEW-127Q) Question #38: Real Exam Question with Answer & Explanation


Incident Response and Threat Management

Question

An engineer is conducting a forensic investigation on a host system in the company network. The system was compromised by an advanced persistent threat group. The engineer identifies that the host system communicates with the command-and-control server using custom encryption algorithms. The attackers have been exfiltrating sensitive data using steganography in seemingly benign image files. At which stage of the incident response process is the engineer currently working?

Options

  • A. Preparation
  • B. Containment, Eradication, and Recovery
  • C. Detection and Analysis
  • D. Post-Incident Activity


Topics

#Incident Response Phases #Forensic Investigation #Detection and Analysis #Threat Detection