Cisco Exam 300-215 Topic 2 Question 93 Discussion

Actual exam question for Cisco's 300-215 exam
Question #: 93
Topic #: 2

A security team received reports of users receiving emails linked to external or unknown URLs that are non-returnable and non-deliverable. The ISP also reported a 500% increase in the amount of ingress and egress email traffic received. After detecting the problem, the security team moves to the recovery phase in their incident response plan. Which two actions should be taken in the recovery phase of this incident? (Choose two.)

Suggested Answer: A

Contribute your Thoughts:

Gerry
2 months ago
Removing vulnerabilities is definitely important, but I think it should come a little later in the process. First, they need to get a handle on the situation and contain the damage.
upvoted 0 times
Dominga
18 days ago
Requesting packet capture can also help in analyzing the traffic and identifying any malicious activity.
upvoted 0 times
...
Dominga
1 month ago
I agree, verifying the breadth of the attack and collecting logs should be the first steps to understand the extent of the incident.
upvoted 0 times
...
...
Alberta
2 months ago
Haha, I bet the IT guys are pulling their hair out trying to keep up with that 500% increase in email traffic. Crazy stuff!
upvoted 0 times
...
Myrtie
2 months ago
Requesting packet capture is a great idea too. That data could give the security team valuable insights into the attack vector and help them plug any holes.
upvoted 0 times
Nelida
5 days ago
C) request packet capture
upvoted 0 times
...
Chaya
28 days ago
Requesting packet capture is a great idea too. That data could give the security team valuable insights into the attack vector and help them plug any holes.
upvoted 0 times
...
Maryann
1 month ago
B) collect logs
upvoted 0 times
...
Twana
2 months ago
A) verify the breadth of the attack
upvoted 0 times
...
...
Moon
2 months ago
Verifying the breadth of the attack and collecting logs seem like the obvious next steps to me. Can't really recover from an incident without understanding the full scope of the problem.
upvoted 0 times
Wilford
28 days ago
B) collect logs
upvoted 0 times
...
Janella
1 month ago
A) verify the breadth of the attack
upvoted 0 times
...
...
Corinne
2 months ago
After that, we should scan hosts with updated signatures to ensure we have addressed all vulnerabilities.
upvoted 0 times
...
Jaleesa
2 months ago
I agree with Mattie. We also need to collect logs to understand the extent of the incident.
upvoted 0 times
...
Mattie
2 months ago
I think we should verify the breadth of the attack first.
upvoted 0 times
...
