
Exam 200-201 All Questions


Cisco CyberOps Associate 200-201 Question # 50 Topic 6 Discussion

Question #: 50
Topic #: 6

Using Cisco StealthWatch, a SOC analyst detected connections to a known C&C server and port scanning activity against the main HR database servers, both originating from one of the HR endpoints. What are the two next steps of the SOC team according to the NIST SP 800-61 incident handling process? (Choose two)


A. Isolate affected endpoints and take disk images for analysis

B. Provide security awareness training to HR managers and employees

C. Block connection to this C&C server on the perimeter next-generation firewall

D. Update antivirus signature databases on affected endpoints to block connections to C&C

E. Detect the attack vector and analyze C&C connections

