Cisco
350-201(NEW-127Q) · Question #8
Incident Response and Management
Question
During a routine security audit, a cybersecurity team at a multinational corporation discovers a complex security breach involving exfiltration of sensitive data. The threat has affected multiple systems across different departments. In line with their incident response workflow, which set of actions should the team take to effectively manage and mitigate this multifaceted incident?
Options
- A. Focus on removing the threat first, then identifying the compromised systems, followed by restoration and a final review.
- B. Isolate affected systems, determine the extent of the breach, remove the intrusion, restore operations, and review the incident.
- C. Conduct an immediate review to hypothesize about the breach source, then proceed with system isolation and threat eradication.
- D. Begin with restoring operations, then move to isolating systems, analyzing the breach, and concluding with an incident review.
Topics
#Incident Response #Data Breach Containment #Threat Eradication #Post-Incident Analysis