An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?

• A.Host a discovery meeting and define configuration and policy updates
• B.Identify the traffic with data capture using Wireshark and review email filters
• C.Update the IDS/IPS signatures and reimage the affected hosts
• D.Identify the systems that have been affected and tools used to detect the attack

Comment: *

Name: *

Email: *

Verification: *

An API developer is improving an application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?

• A.Implement REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.
• B.Increase a limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
• C.Restrict the number of requests based on a calculation of daily averages. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.
• D.Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

• A.Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality
• B.Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
• C.Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation
• D.Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine

Comment: *

Name: *

Email: *

Verification: *

An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

• A.Patch detected vulnerabilities from critical hosts
• B.Perform analysis based on the established risk factors
• C.Isolate critical hosts from the network
• D.Assess the network for unexpected behavior

Comment: *

Name: *

Email: *

Verification: *