
350-201 Question #135: Real Exam Question with Answer & Explanation

The correct answers are A and D: determine the type of data stored on the affected asset and document the access logs (A), and initiate a triage meeting with department leads to establish whether the application is owned internally (D). An unknown, ownerless application sending data to external addresses in cleartext is first a data-exposure and ownership question: characterize what is at risk and confirm ownership before any remediation is attempted.

Processes

Question

Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)

Options

  • A. Determine the type of data stored on the affected asset, document the access logs, and engage
  • B. Identify who installed the application by reviewing the logs and gather a user access log from the
  • C. Verify user credentials on the affected asset, modify passwords, and confirm available patches
  • D. Initiate a triage meeting with department leads to determine if the application is owned internally

Explanation

When an unknown, ownerless application is found on an HR backup server communicating externally over an unencrypted channel, the investigation is still in the detection and analysis phase of the NIST SP 800-61 incident handling cycle. Two things must be established before anyone touches the system. First, what is at risk: the asset is an HR backup server, so the engineers need to know what data it holds, who has accessed it, and whether that data could have left the network in cleartext; documenting the access logs now also preserves evidence that remediation might otherwise destroy (option A). Second, whether the application is actually rogue: "no owner found" may mean an undocumented but legitimate tool, so a triage meeting with department leads confirms or rules out internal ownership and sets the incident's priority (option D). Only once data exposure and ownership are understood does the team move to containment and remediation steps such as credential changes or patching.
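The analysis step that precedes these decisions, turning a host's connection table into a list of processes that talk to external addresses in cleartext and checking each against an application inventory, looks like the following. This is an added example and not material from the exam or from Cisco; the connection records, the port list, the internal address ranges, and the owner table are constructed stand-ins for `ss -tnp` output and a CMDB lookup.

```python
"""Triage helper: find processes on a host with external, plaintext connections
and report which of them have no recorded application owner.

Added example. SAMPLE_CONNECTIONS and APP_OWNERS are constructed; the peer
addresses use RFC 5737 documentation ranges as stand-ins for public IPs.
"""
import ipaddress
from collections import defaultdict

# Assumption: cleartext is inferred from well-known destination ports only.
# A real triage would confirm with a packet capture, since 443 can carry
# cleartext and 80 can carry TLS.
PLAINTEXT_PORTS = {21, 23, 25, 80, 110, 143, 389, 514, 1433, 3306}

# Assumption: anything outside these ranges is "external" for this organisation.
# Checked explicitly rather than via ipaddress.is_private so that the
# documentation ranges used in the sample data count as external.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

# Constructed sample: (local_addr, peer_addr, peer_port, process_name),
# roughly what `ss -tnp` shows on the HR backup server.
SAMPLE_CONNECTIONS = [
    ("10.20.5.14", "10.20.5.200", 445, "smbd"),
    ("10.20.5.14", "203.0.113.45", 80, "syncagent"),
    ("10.20.5.14", "203.0.113.45", 21, "syncagent"),
    ("10.20.5.14", "198.51.100.7", 443, "backup-client"),
    ("10.20.5.14", "192.168.1.9", 22, "sshd"),
]

# Constructed owner table standing in for an application inventory / CMDB.
APP_OWNERS = {
    "smbd": "IT Infrastructure",
    "backup-client": "HR Operations",
    "sshd": "IT Infrastructure",
}


def is_external(addr: str) -> bool:
    """True when addr lies outside every range in INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def is_plaintext(port: int) -> bool:
    """True when the destination port conventionally carries cleartext."""
    return port in PLAINTEXT_PORTS


def triage(connections, owners):
    """Group external plaintext connections by process and attach owner status.

    Returns {process: {"peers": [(addr, port), ...], "owner": owner_or_None}}.
    Processes with only internal or encrypted traffic are left out.
    """
    findings = defaultdict(lambda: {"peers": [], "owner": None})
    for _local, peer, port, proc in connections:
        if is_external(peer) and is_plaintext(port):
            findings[proc]["peers"].append((peer, port))
            findings[proc]["owner"] = owners.get(proc)
    return dict(findings)


def ownerless(findings):
    """Processes with external plaintext traffic and no recorded owner.

    These are the candidates for a data-exposure assessment (option A) and
    an ownership triage with department leads (option D).
    """
    return sorted(proc for proc, info in findings.items() if info["owner"] is None)


if __name__ == "__main__":
    result = triage(SAMPLE_CONNECTIONS, APP_OWNERS)
    for proc, info in result.items():
        print(f"{proc}: owner={info['owner']} peers={info['peers']}")
    print("escalate for A/D:", ownerless(result))
```

Running it on the sample data flags only `syncagent`: `smbd` and `sshd` talk to internal addresses, and `backup-client` reaches an external host but on 443. The output lists what an engineer would carry into the triage meeting: the process name, the destination addresses and ports, and the fact that no owner is on record.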

Common mistakes.

  • B. Reviewing the logs to attribute who installed the application is a legitimate forensic step, but it is secondary: data risk and organizational ownership must be established before effort goes into log attribution.
  • C. Verifying credentials, changing passwords, and patching are containment and remediation actions and are premature at this stage; the investigation must first characterize the threat and confirm ownership before applying fixes.

Concept tested. Incident response steps for unknown rogue application discovery

Reference. https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

Topics

#application discovery, #unauthorized application, #incident investigation, #data protection
