
350-201(NEW-127Q) Question #97: Real Exam Question with Answer & Explanation


Incident Response

Question

A security analyst reviews a playbook scenario that describes the steps to be taken in response to a ransomware attack targeting the organization. The scenario includes the identification and isolation of affected systems, assessment of the impact of the attack, and restoration of affected files from backup. Based on this playbook scenario, which combination of tools should the analyst determine is necessary to effectively respond to the ransomware attack?

Options

  • A. data loss prevention solution, web application firewall, and multifactor authentication system
  • B. endpoint detection and response tool, offline backup system, and incident response management platform
  • C. network segmentation tool, vulnerability scanner, and intrusion prevention system
  • D. user and entity behavior analytics system, forensic analysis tool, and security information and event management platform

Explanation

The correct answer is B. Each tool maps directly to a step in the playbook: an endpoint detection and response (EDR) tool identifies infected hosts and isolates them from the network, an offline backup system allows encrypted files to be restored without paying the ransom (a backup that is reachable from the infected hosts is itself a target and may already be encrypted, which is why the option specifies offline), and an incident response management platform coordinates and documents the overall response workflow. Option A (DLP, WAF, MFA) addresses data leakage and access control; these are preventive controls, not tools for containing an active ransomware infection or recovering from it. Option C (network segmentation, vulnerability scanner, IPS) focuses on network-layer defense and vulnerability discovery, which are proactive controls rather than reactive response tools. Option D (UEBA, forensic analysis, SIEM) supports investigation and threat hunting and would help with the impact assessment step, but it does not by itself isolate hosts or restore files.

Memory tip: Match each playbook step to a tool category - identify/isolate → EDR, restore → offline backup, coordinate response → IR platform. If the scenario mentions "restoration from backup," the answer must include a backup solution, which immediately points to B.
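The following is an added example, not part of the exam page: a small Python playbook runner that turns two of the three playbook steps into checks a responder would actually perform. Step 1 (identify and isolate) selects hosts from EDR-style alerts with ransomware-family detections; step 3 (restore from backup) accepts a backup copy only if it matches a pre-incident hash manifest, falling back to an entropy heuristic to reject copies that look encrypted when no manifest entry exists. The alert records, file contents, detection names and hash manifest are all constructed for the example and do not come from any real product.

```python
"""Toy ransomware playbook checks (added example, not from the exam page).

Step 1: pick hosts to isolate from EDR-style alerts.
Step 3: verify a backup copy is restorable before touching production.
All data below is constructed for illustration.
"""
import hashlib
import math
from collections import Counter

# Constructed EDR-style alert records (host, detection name, severity).
EDR_ALERTS = [
    {"host": "ws-017", "detection": "Ransom.Generic.FileEncrypt", "severity": "critical"},
    {"host": "ws-017", "detection": "Ransom.Generic.FileEncrypt", "severity": "critical"},
    {"host": "fs-01", "detection": "Ransom.Generic.ShadowCopyDelete", "severity": "critical"},
    {"host": "ws-042", "detection": "PUA.Adware", "severity": "low"},
]

# Constructed backup contents: an intact plaintext file and one that was
# encrypted before it reached the (online) backup share.
GOOD_BACKUP = b"invoice_id,customer,amount\n1001,ACME,1200.00\n" * 20
BAD_BACKUP = bytes(range(256)) * 4  # stands in for ciphertext: every byte value equally likely

# Pre-incident manifest of SHA-256 hashes, as an offline backup system would keep.
MANIFEST = {"invoices.csv": hashlib.sha256(GOOD_BACKUP).hexdigest()}


def hosts_to_isolate(alerts):
    """Step 1: return the sorted set of hosts with ransomware-family detections.

    Only detections whose name starts with 'Ransom.' count; low-severity
    unrelated alerts (e.g. adware) must not trigger isolation.
    """
    hits = Counter(a["host"] for a in alerts if a["detection"].startswith("Ransom."))
    return sorted(hits)


def shannon_entropy(data):
    """Bits of entropy per byte; plaintext is typically well below 7.5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_backup(name, blob, manifest, entropy_limit=7.5):
    """Step 3: decide whether a backup copy is safe to restore.

    Returns (restorable, reason). A manifest hash is authoritative; the
    entropy heuristic is only a fallback when the manifest has no entry.
    """
    expected = manifest.get(name)
    if expected is not None:
        actual = hashlib.sha256(blob).hexdigest()
        if actual != expected:
            return False, "hash mismatch with pre-incident manifest"
        return True, "hash matches manifest"
    entropy = shannon_entropy(blob)
    if entropy > entropy_limit:
        return False, f"no manifest entry and content looks encrypted (entropy {entropy:.2f})"
    return True, f"no manifest entry; entropy {entropy:.2f} looks like plaintext"


def run_playbook():
    """Run both checks over the constructed data and return the decisions."""
    return {
        "isolate": hosts_to_isolate(EDR_ALERTS),
        "restore_good": check_backup("invoices.csv", GOOD_BACKUP, MANIFEST),
        "restore_bad": check_backup("invoices.csv", BAD_BACKUP, MANIFEST),
        "restore_unknown": check_backup("orphan.bin", BAD_BACKUP, MANIFEST),
    }


if __name__ == "__main__":
    for step, result in run_playbook().items():
        print(step, "->", result)
```

The point of the manifest check is the caveat behind option B: a backup that shares a network path with the infected hosts can be encrypted along with them, so "restore from backup" only works if the copy was offline (or otherwise immutable) and can be verified against a record taken before the incident.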

Topics

Ransomware Response, Incident Response Tools, EDR/Backup Recovery, Containment and Recovery
