Cisco Exam 350-201 Topic 8 Question 71 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 71
Topic #: 8

A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.

What is the next step in handling the incident?

ABlock the source IP from the firewall

BPerform an antivirus scan on the laptop

CIdentify systems or services at risk

DIdentify lateral movement

Show Suggested Answer

Suggested Answer: A

by Wynell at Jul 08, 2023, 03:11 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Skye

21 hours ago

I agree with C. This will help the incident response team understand the full scope of the attack and take appropriate measures to mitigate the risk.

upvoted 0 times

...

Alesia

9 days ago

Definitely C. Blocking the source IP is a temporary fix, and an antivirus scan may not catch everything. Identifying the affected systems and potential lateral movement is key to resolving this incident.

upvoted 0 times

...