Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 300-215 Topic 3 Question 88 Discussion

Actual exam question for Cisco's 300-215 exam
Question #: 88
Topic #: 3
[All 300-215 Questions]

An incident response team is recommending changes after analyzing a recent compromise in which:

a large number of events and logs were involved;

team members were not able to identify the anomalous behavior and escalate it in a timely manner;

several network systems were affected as a result of the latency in detection;

security engineers were able to mitigate the threat and bring systems back to a stable state; and

the issue reoccurred shortly after and systems became unstable again because the correct information was not gathered during the initial identification phase.

Which two recommendations should be made for improving the incident response process? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, E

by Garry at Sep 16, 2024, 02:12 PM

Limited Time Offer

25%

Off

Get Premium 300-215 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Torie
6 months ago
Haha, I bet the security team wishes they had a 'Hack Undo' button for when things go wrong. Too bad that's not an actual option on the exam.
upvoted 0 times
Azzie
5 months ago
D) Allocate additional resources for the containment phase to stabilize systems in a timely manner and reduce an attack's breadth.
upvoted 0 times
...
Leatha
5 months ago
C) Implement an automated operation to pull systems events/logs and bring them into an organizational context.
upvoted 0 times
...
Maryann
5 months ago
B) Improve the mitigation phase to ensure causes can be quickly identified, and systems returned to a functioning state.
upvoted 0 times
...
Camellia
6 months ago
A) Formalize reporting requirements and responsibilities to update management and internal stakeholders throughout the incident-handling process effectively.
upvoted 0 times
...
...
Andra
7 months ago
I'd also consider B. Improving the mitigation phase to quickly identify and resolve the root cause is important to prevent the recurrence mentioned in the question.
upvoted 0 times
Cecilia
6 months ago
Allocating additional resources for the containment phase could help stabilize systems faster and reduce the impact of attacks.
upvoted 0 times
...
Jeanice
6 months ago
Yes, that's a good idea. We also need to improve the mitigation phase to quickly identify and resolve the root cause.
upvoted 0 times
...
Alyce
6 months ago
I think we should formalize reporting requirements and responsibilities to keep everyone updated.
upvoted 0 times
...
...
Sabine
7 months ago
I believe implementing an automated operation to pull system events/logs would be beneficial as well.
upvoted 0 times
...
Mila
7 months ago
I agree, C and E are the way to go. You can't rely on manual processes when you need to act fast during a breach. Automation is crucial.
upvoted 0 times
Esteban
6 months ago
Absolutely, manual processes can slow down response time. Automation and clear guidelines are key in incident response.
upvoted 0 times
...
Camellia
6 months ago
I agree with you. Automation can definitely speed up the process and having a clear playbook is essential.
upvoted 0 times
...
Hyun
6 months ago
E) Modify the incident handling playbook and checklist to ensure alignment and agreement on roles, responsibilities, and steps before an incident occurs.
upvoted 0 times
...
Van
6 months ago
C) Implement an automated operation to pull systems events/logs and bring them into an organizational context.
upvoted 0 times
...
...
Nickolas
7 months ago
Definitely go with C and E. Automating the log gathering process and updating the incident response playbook are key to avoiding the delays described in the scenario.
upvoted 0 times
Vincent
6 months ago
That sounds like a solid plan. Automating the log gathering process will definitely help speed up the response time.
upvoted 0 times
...
Aleisha
6 months ago
E) Modify the incident handling playbook and checklist to ensure alignment and agreement on roles, responsibilities, and steps before an incident occurs.
upvoted 0 times
...
Lavina
7 months ago
C) Implement an automated operation to pull systems events/logs and bring them into an organizational context.
upvoted 0 times
...
...
Kasandra
7 months ago
I agree with that. We also need to improve the mitigation phase for quick identification.
upvoted 0 times
...
Lezlie
7 months ago
I think we should formalize reporting requirements to keep everyone updated.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77