Cisco
350-201(NEW-127Q) · Question #76
Incident Response and Containment
Question
An organization detected unauthorized access to its customer database that contains sensitive PII. The incident response team must respond swiftly using automation and escalation protocols to minimize the impact of the breach. The infrastructure is a hybrid cloud with third-party integrations, which makes containment complex. The automated systems can perform network segmentation, trigger incident playbooks, and perform real-time log analysis. Which workflow should the team implement to ensure a highly efficient, scalable, and secure response?
Options
- A. Deploy additional IDS, manually inspect system logs for anomalies, escalate to external incident response consultants, and apply forensics tools to identify data exfiltration.
- B. Manually disable third-party integrations, escalate to cloud service providers, initiate full packet capture, and enforce policy-based user account restrictions.
- C. Leverage automated playbooks to trigger network segmentation, relevant machine isolation, and automatically gather forensic details from potentially compromised hosts.
- D. Automate full system shutdown, escalate directly to compliance auditors, and enforce organization-wide password resets to prevent further access.
Topics
#Incident Response #Security Automation #Network Containment #Digital Forensics