Exam 350-201 All Questions


Cisco CyberOps Professional 350-201 Question # 20 Topic 3 Discussion


A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?


A. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack

B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities

C. Review the server backup and identify server content and data criticality to assess the intrusion risk

D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

