Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 136
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family.
According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
Answer options
- A. Perform forensics analysis on the infected endpoint
- B. Isolate the infected endpoint from the network
- C. Prioritize incident handling based on the impact
- D. Collect public information on the malware behavior
Correct answer: B
Explanation
The correct action is to isolate the infected endpoint from the network to prevent the trojan from spreading and to protect other systems. In the NIST incident handling process this is part of containment, which comes before eradication and recovery. Forensic analysis, prioritizing the incident by its impact, and collecting public information on the malware's behavior are all important, but they should follow the immediate step of isolating the infected endpoint.