nerdexam
Cisco

350-201(NEW-127Q) · Question #93

350-201(NEW-127Q) Question #93: Real Exam Question with Answer & Explanation

The correct answer is B. Map ransomware and insider threat patterns to EHR systems and device vulnerabilities.. Option B is correct because effective risk analysis in a complex environment requires mapping specific threat patterns (ransomware behavior, insider threat vectors) directly to specific asset vulnerabilities (EHR systems, medical device weaknesses) - this targeted correlation is

Risk Management and Assessment

Question

In a scenario where a large healthcare provider is revamping its cybersecurity strategy, it faces potential risks from sophisticated cyber threats like targeted ransomware, insider threats, and patient data breaches. The network includes diverse digital health records, interconnected medical devices, and remote patient portals. Which approach should be adopted for a risk analysis considering the provider's complex assets, varied vulnerabilities, and the severe threat landscape?

Options

  • ALimit analysis to prevalent threats, overlooking specific system or device risks.
  • BMap ransomware and insider threat patterns to EHR systems and device vulnerabilities.
  • CPerform a general health sector risk review, not tailored to the provider's unique profile.
  • DFocus on high-cost medical equipment, assuming baseline security for digital records.

Explanation

Option B is correct because effective risk analysis in a complex environment requires mapping specific threat patterns (ransomware behavior, insider threat vectors) directly to specific asset vulnerabilities (EHR systems, medical device weaknesses) - this targeted correlation is the foundation of a threat-informed, asset-centric risk assessment aligned with frameworks like NIST RMF and HIPAA Security Rule requirements.

Why the distractors fail:

  • A is wrong because ignoring system- or device-specific risks leaves critical attack surfaces unanalyzed - targeted ransomware and insider threats exploit exactly those specifics.
  • C is wrong because a generic health sector review doesn't account for this provider's unique asset mix (remote portals, interconnected devices), missing the tailored analysis the scenario demands.
  • D is wrong because it assumes digital records have baseline security without verifying it - EHRs are among the highest-value targets in healthcare breaches, so that assumption is dangerous.

Memory tip: Think "match threat to target" - the word map in option B signals the correct approach. In risk analysis, you always connect how an attack works to what it attacks. If an answer option narrows, generalizes, or assumes security without verifying, eliminate it.

Topics

#Risk Analysis#Threat Modeling#Healthcare Security#Vulnerability Assessment

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 350-201(NEW-127Q) Practice