Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 195

The SOC team has confirmed a potential indicator of compromise on an isolated endpoint. The team has narrowed the potential malware type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling the event?

Answer options

• A. Perform an AV scan on the infected endpoint.
• B. Isolate the infected endpoint from the network.
• C. Prioritize incident handling based on the impact.
• D. Analyze the malware behavior.

Correct answer: D

Explanation

The correct action is to analyze the malware behavior to understand its capabilities and impact. Performing an AV scan may not provide insights into the malware's specific actions, while isolating the endpoint and prioritizing incident handling are important but should follow the analysis of the malware for a more informed response.