Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 56

An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

Answer options

• A. Recover from the threat.
• B. Analyze the threat.
• C. Identify lessons learned from the threat.
• D. Reduce the probability of similar threats.

Correct answer: A

Explanation

The correct next step is to recover from the threat, as it involves restoring systems and data to normal operations after a breach has been contained. Analyzing the threat is a prior step that informs recovery, while identifying lessons learned and reducing future risks are more appropriate after recovery is complete.