nerdexam
Cisco

350-201 · Question #16

Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution i

Sign in or unlock 350-201 to reveal the answer and full explanation for question #16. The question stem and answer options stay visible for context.

Automation

Question

Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

Exhibit

350-201 question #16 exhibit

Options

  • AExclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation
  • BInclude a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
  • CExclude the step "Check for GeoIP location" to allow analysts to analyze the location and the
  • DInclude a step "Reporting" to alert the security department of threats identified by the SOAR

Unlock 350-201 to see the answer

You've previewed enough free 350-201 questions. Unlock 350-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Topics

#SOAR workflow#endpoint snapshot#threat containment#forensic analysis
Full 350-201 Practice