Cisco Exam 350-201 Topic 8 Question 71 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 71
Topic #: 8

A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.

What is the next step in handling the incident?

ABlock the source IP from the firewall

BPerform an antivirus scan on the laptop

CIdentify systems or services at risk

DIdentify lateral movement

Show Suggested Answer

Suggested Answer: A

by Wynell at Jul 08, 2023, 03:11 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Youlanda

1 months ago

C is the way to go! Gotta catch 'em all, like a cybersecurity Pokemon master!

upvoted 0 times

Clorinda

9 days ago

D) Identify lateral movement

upvoted 0 times

...

Goldie

10 days ago

A) Block the source IP from the firewall

upvoted 0 times

...

Cary

14 days ago

C) Identify systems or services at risk

upvoted 0 times

...

Skye

2 months ago

I agree with C. This will help the incident response team understand the full scope of the attack and take appropriate measures to mitigate the risk.

upvoted 0 times

Johnna

19 days ago

C) Identify systems or services at risk

upvoted 0 times

...

Carman

1 months ago

B) Perform an antivirus scan on the laptop

upvoted 0 times

...

Lauran

2 months ago

A) Block the source IP from the firewall

upvoted 0 times

...

Alesia

2 months ago

Definitely C. Blocking the source IP is a temporary fix, and an antivirus scan may not catch everything. Identifying the affected systems and potential lateral movement is key to resolving this incident.

upvoted 0 times