nerdexam
Cisco

350-201(NEW-127Q) Question #67: Real Exam Question with Answer & Explanation

Incident Response and Management

Question

An EDR system alerted the incident response team about the activity of malicious files on the HR manager endpoint. The infected endpoint was isolated from the network. Further examination of the incidents shows that the source of this file was the phishing emails sent to company employees. According to the NIST 800-61 incident handling workflow, what is the next step in handling the incident?

Options

  • A. Analyze the attack vector and prepare the incident report for management.
  • B. Send warning emails to vulnerable employees.
  • C. Eradicate the malicious file from infected endpoints of HR managers.
  • D. Investigate other employees' endpoints and quarantine infected ones.

Topics

#Incident Response · #NIST 800-61 · #Containment · #Scope Assessment