Cisco
400-007 · Question #187
400-007 Question #187: Real Exam Question with Answer & Explanation
The correct answer is B: integration with an incident response plan. Augmented IPFIX telemetry enriched with application and user-activity data provides the context needed to trigger and execute a formal incident response plan.
Question
A network security team uses a purpose-built tool to actively monitor the campus network, applications, and user activity. The team also analyzes enterprise telemetry data from IPFIX data records that are received from devices in the campus network. Which action can be taken based on the augmented data?
Options
- A. reduction in time to detect and respond to threats
- B. integration with an incident response plan
- C. adoption and improvement of threat-detection response
- D. asset identification and grouping decisions
Explanation
Raw IPFIX records give only the network view of a flow: addresses, ports, protocol, and byte and packet counts. Once the monitoring tool augments them with application and user-activity data, each record answers who did what, from which host, to which destination. That is exactly the context an incident response plan needs to move from alert to action: confirm the event, attribute it to a user and asset, contain the host, and preserve evidence. The augmented data is therefore what lets the team integrate this telemetry with a formal incident response plan.
Common mistakes.
- A. Reduction in detection and response time is a measurable outcome or benefit that results from good tooling and process integration, not a discrete action the team takes based on the augmented data.
- C. Adoption and improvement of threat-detection response describes a long-term strategic program, not a concrete action that can be directly executed from a specific set of augmented telemetry records.
- D. Asset identification and grouping is a preparatory configuration step performed during initial sensor deployment, not an ongoing action driven by the analysis of live IPFIX telemetry records.
Concept tested. IPFIX telemetry integration with incident response planning
Reference. https://www.cisco.com/c/en/us/products/security/secure-network-analytics/index.html
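To make the concept concrete, the following is an added example written for this page; it is not code from Cisco or from Secure Network Analytics. It parses a constructed IPFIX message (RFC 7011 framing, IANA-registered information element IDs), enriches each flow record with user and application context from two small lookup tables that stand in for what the monitoring tool would supply, and evaluates a hypothetical incident-response trigger (SMB from an internal user to an external host). The flows, the lookup tables, the playbook name and the trigger rule are all assumptions made for the example.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

# IANA-registered IPFIX information element IDs (RFC 7012 registry).
IE_NAMES = {
    1: "octetDeltaCount",
    4: "protocolIdentifier",
    7: "sourceTransportPort",
    8: "sourceIPv4Address",
    11: "destinationTransportPort",
    12: "destinationIPv4Address",
}
IPV4_IES = {8, 12}
TEMPLATE_SET_ID = 2      # RFC 7011: set ID 2 = template set, >= 256 = data set
TEMPLATE_ID = 256
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8)]  # (IE, length)


def decode_field(ie: int, raw: bytes):
    if ie in IPV4_IES:
        return str(IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_ipfix(message: bytes) -> list[dict]:
    """Parse one IPFIX message (RFC 7011) into a list of flow-record dicts."""
    version, length, _export_time, _seq, _domain = struct.unpack("!HHIII", message[:16])
    if version != 10:
        raise ValueError(f"not IPFIX: version {version}")
    templates: dict[int, list[tuple[int, int]]] = {}
    records: list[dict] = []
    offset = 16
    while offset + 4 <= length:
        set_id, set_len = struct.unpack("!HH", message[offset:offset + 4])
        body = message[offset + 4:offset + set_len]
        if set_id == TEMPLATE_SET_ID:
            pos = 0
            while pos + 4 <= len(body):          # trailing bytes < 4 are padding
                tid, count = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
                fields = []
                for _ in range(count):
                    ie, flen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
                    if ie & 0x8000:              # enterprise bit: 4-byte enterprise number follows
                        ie &= 0x7FFF
                        pos += 4
                    fields.append((ie, flen))
                templates[tid] = fields
        elif set_id >= 256:
            fields = templates.get(set_id)
            if fields is None:
                raise ValueError(f"data set {set_id} arrived before its template")
            rec_len = sum(flen for _, flen in fields)
            pos = 0
            while pos + rec_len <= len(body):    # trailing bytes < rec_len are padding
                rec = {}
                for ie, flen in fields:
                    rec[IE_NAMES.get(ie, f"ie{ie}")] = decode_field(ie, body[pos:pos + flen])
                    pos += flen
                records.append(rec)
        offset += set_len
    return records


# Constructed context tables standing in for the monitoring tool's user/application data.
USER_BY_IP = {"10.20.30.40": "alice", "10.20.30.41": "bob"}
APP_BY_PORT = {443: "https", 445: "smb"}
INTERNAL_NETS = [IPv4Network("10.0.0.0/8")]


def enrich(records, user_by_ip=USER_BY_IP, app_by_port=APP_BY_PORT):
    """Augment raw flow records with who (user) and what (application)."""
    for rec in records:
        rec["user"] = user_by_ip.get(rec["sourceIPv4Address"], "unknown")
        rec["application"] = app_by_port.get(rec["destinationTransportPort"], "unknown")
    return records


def ir_triggers(records, internal_nets=INTERNAL_NETS):
    """Hypothetical IR-plan trigger: SMB from a named user to an external host.
    Only the augmented fields (user, application) make this decision possible;
    the raw flow alone shows an IP pair and a port."""
    alerts = []
    for rec in records:
        dst = IPv4Address(rec["destinationIPv4Address"])
        external = not any(dst in net for net in internal_nets)
        if rec["application"] == "smb" and external:
            alerts.append({
                "playbook": "external-smb-egress",   # hypothetical runbook name
                "user": rec["user"],
                "host": rec["sourceIPv4Address"],
                "destination": rec["destinationIPv4Address"],
                "octets": rec["octetDeltaCount"],
            })
    return alerts


def build_sample_message() -> bytes:
    """Constructed IPFIX message: one template set and one data set with three flows."""
    flows = [  # (src, dst, sport, dport, proto, octets); 198.51.100.0/24 is TEST-NET-2
        ("10.20.30.40", "10.20.30.5", 51234, 443, 6, 1_200),
        ("10.20.30.40", "198.51.100.7", 51240, 445, 6, 52_000_000),
        ("10.20.30.41", "198.51.100.7", 51250, 443, 6, 8_000),
    ]
    tmpl_body = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE_FIELDS)) + b"".join(
        struct.pack("!HH", ie, ln) for ie, ln in TEMPLATE_FIELDS)
    tmpl_set = struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(tmpl_body)) + tmpl_body
    data_body = b"".join(
        struct.pack("!4s4sHHBQ", IPv4Address(s).packed, IPv4Address(d).packed, sp, dp, pr, oc)
        for s, d, sp, dp, pr, oc in flows)
    data_set = struct.pack("!HH", TEMPLATE_ID, 4 + len(data_body)) + data_body
    header = struct.pack("!HHIII", 10, 16 + len(tmpl_set) + len(data_set), 1_700_000_000, 0, 1)
    return header + tmpl_set + data_set


if __name__ == "__main__":
    for alert in ir_triggers(enrich(parse_ipfix(build_sample_message()))):
        print(alert)
```

Running it yields a single alert attributing the external SMB flow to alice on 10.20.30.40, which is the record a responder would hand to the playbook. One practical caveat: the user-to-IP mapping is time-bound (DHCP leases, VPN pools, roaming clients), so a real integration must resolve the user as of the flow's export time rather than the current binding, or the plan will be executed against the wrong person and host.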
Community Discussion
No community discussion yet for this question.