Cisco
350-201 · Question #140
350-201 Question #140: Real Exam Question with Answer & Explanation
Sign in or unlock 350-201 to reveal the answer and full explanation for question #140. The question stem and answer options stay visible for context.
Question
After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?
Options
- AAnalyze the applications and services running on the affected workstation.
- BCompare workstation configuration and asset configuration policy to identify gaps.
- CInspect registry entries for recently executed files.
- DReview audit logs for privilege escalation events.
Unlock 350-201 to see the answer
You've previewed enough free 350-201 questions. Unlock 350-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.