Cisco
350-201 · Question #128
350-201 Question #128: Real Exam Question with Answer & Explanation
The correct answer is A: Implement a patch management process. The Netlogon (Zerologon) vulnerability is a patching issue, so preventing recurrence requires both establishing a patch management process and immediately applying the available patches.
Processes
Question
An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to prevent this type of attack from reoccurring? (Choose two.)
Options
- A. Implement a patch management process.
- B. Scan the company server files for known viruses.
- C. Apply existing patches to the company servers.
- D. Automate antivirus scans of the company servers.
- E. Define roles and responsibilities in the incident response playbook.
Explanation
The Netlogon (Zerologon) vulnerability is a patching issue, so preventing recurrence requires both establishing a patch management process and immediately applying the available patches.
Common mistakes.
- B. Scanning for known viruses addresses malware infections, not protocol-level vulnerabilities like the Netlogon flaw that enable privilege escalation without malware.
- D. Automating antivirus scans would not detect or remediate exploitation of a cryptographic protocol vulnerability such as Zerologon.
- E. Defining roles in the incident response playbook improves response procedures but does not technically prevent the Netlogon vulnerability from being exploited again.
Concept tested. Patch management to remediate protocol privilege escalation vulnerabilities
Reference. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472
Topics
#patch management #Netlogon vulnerability #privilege escalation #vulnerability remediation