Cisco
350-201(NEW-127Q) · Question #99
350-201(NEW-127Q) Question #99: Real Exam Question with Answer & Explanation
Incident Response and Management
Question
An IT security team detects unauthorized access to their development environment on a few QA team machines. According to the incident response workflow, which sequence of actions should the team follow to address the incident?
Options
- A. Immediately recover affected systems, identify the breach, contain the threat, and then review incident response effectiveness.
- B. Prioritize threat eradication, followed by system recovery, breach containment, and ending with identifying affected systems.
- C. Isolate the affected machines, eradicate the identified threat, recover the affected systems, and conduct post-mortem.
- D. Contain the breach, identify the affected systems, eradicate the threat, recover systems, and conduct a post-incident review.
Topics
#Incident Response #IR Procedures #Threat Containment #Security Operations