Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 300-215 Topic 4 Question 59 Discussion

Actual exam question for Cisco's 300-215 exam
Question #: 59
Topic #: 4
[All 300-215 Questions]

An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C

by Kerry at Jul 05, 2023, 09:21 PM

Limited Time Offer

25%

Off

Get Premium 300-215 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Darrin
4 days ago
Definitely C and E. Disconnecting the network is a must to stop the bleeding, and an image is essential for a thorough investigation. Although, I have to say, I'm a little disappointed they didn't include 'Send the workstation to the IT team's secret lair for further examination' as an option.
upvoted 0 times
...
James
13 days ago
I would also suggest restoring to a system recovery point before taking any further actions. It might help in identifying the root cause of the issue.
upvoted 0 times
...
Natalie
14 days ago
I agree with Callie. Disconnecting from the network will stop the unknown outgoing traffic, and taking an image will help with analysis.
upvoted 0 times
...
Allene
15 days ago
I'm leaning towards C and E as well. Cutting off the network access is crucial to prevent further damage, and creating an image will be super helpful for the forensic analysis. Just don't forget to send that image to your favorite cybersecurity expert for a detailed review!
upvoted 0 times
...
Callie
16 days ago
I think the engineer should disconnect from the network and take an image of the workstation.
upvoted 0 times
...
Francisca
19 days ago
I believe restoring to a system recovery point could help in this situation as well.
upvoted 0 times
...
Jettie
24 days ago
Hmm, I think C and E are the way to go. Disconnect the network to isolate the issue, and take an image of the workstation to investigate further. Gotta love a good old-fashioned malware hunt!
upvoted 0 times
Robt
3 days ago
User 4: Good idea, let's get to the bottom of this malware situation.
upvoted 0 times
...
Carmen
5 days ago
User 3: We should also take an image of the workstation for further investigation.
upvoted 0 times
...
Anglea
8 days ago
User 2: Agreed, isolating the issue is key.
upvoted 0 times
...
Regenia
10 days ago
User 1: I think we should disconnect from the network.
upvoted 0 times
...
...
Desiree
27 days ago
I agree with Carin, but they should also take an image of the workstation for analysis.
upvoted 0 times
...
Carin
30 days ago
I think the engineer should disconnect from the network to prevent further damage.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77