
Cisco CyberOps Professional 300-215 Question # 23 Topic 3 Discussion

300-215 Exam Topic 3 Question 23 Discussion:
Question #: 23
Topic #: 3

During a routine security audit, an organization's security team detects an unusual spike in network traffic originating from one of their internal servers. Upon further investigation, the team discovers that the server was communicating with an external IP address known for hosting malicious content. The security team suspects that the server may have been compromised. As the incident response process begins, which two actions should be taken during the initial assessment phase of this incident? (Choose two.)


A. Notify law enforcement agencies about the incident.

B. Disconnect the compromised server from the network.

C. Conduct a comprehensive forensic analysis of the server hard drive.

D. Interview employees who have access to the server.

E. Review the organization's network logs for any signs of intrusion.

