The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

Aeradication and recovery

Bpost-incident activity

Ccontainment

Ddetection and analysis

1 answers

99 votes

1105

Answer Link

Refer to the exhibit.
Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?

ANetFlow and event data

Bevent data and syslog data

CSNMP and syslog data

DNetFlow and SNMP

1 answers

94 votes

1127

Answer Link

Refer to the exhibit.
Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

AThe prioritized behavioral indicators of compromise do not justify the execution of the ''ransomware'' because the scores do not indicate the likelihood of malicious ransomware.

BThe prioritized behavioral indicators of compromise do not justify the execution of the ''ransomware'' because the scores are high and do not indicate the likelihood of malicious ransomware.

CThe prioritized behavioral indicators of compromise justify the execution of the ''ransomware'' because the
scores are high and indicate the likelihood that malicious ransomware has been detected.

DThe prioritized behavioral indicators of compromise justify the execution of the ''ransomware'' because the scores are low and indicate the likelihood that malicious ransomware has been detected.

1 answers

74 votes

1379

Answer Link

An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?

ARun the program through a debugger to see the sequential actions

BUnpack the file in a sandbox to see how it reacts

CResearch the malware online to see if there are noted findings

DDisassemble the malware to understand how it was constructed

1 answers

77 votes

1254

Answer Link

Which bash command will print all lines from the ''colors.txt'' file containing the non case-sensitive pattern ''Yellow''?

Agrep -i ''yellow'' colors.txt

Blocate ''yellow'' colors.txt

Clocate -i ''Yellow'' colors.txt

Dgrep ''Yellow'' colors.txt

1 answers

94 votes

1404

Answer Link

Cisco 350-201 Quiz:1 Topic:2 Questions:1-5

Free Practice Mock Questions Set 1-5 (Quiz # 1) for Cisco 350-201 Exam, according to official Cisco Performing CyberOps Using Core Security Technologies exam syllabus topic # 2

Quiz 1

Quiz 2

Refer to the exhibit.Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

Which bash command will print all lines from the ''colors.txt'' file containing the non case-sensitive pattern ''Yellow''?

Cisco 350-201 Quiz:1 Topic:2 Questions:1-5

Refer to the exhibit.
Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?