Conducting Forensic Analysis and Incident Response Using Cisco Technologies (CBRFIR) — Question 8

A security team detected an above-average amount of inbound tcp/135 connection attempts from unidentified senders. The security team is responding based on their incident response playbook. Which two elements are part of the eradication phase for this incident? (Choose two.)

Answer options

• A. anti-malware software
• B. data and workload isolation
• C. centralized user management
• D. intrusion prevention system
• E. enterprise block listing solution

Correct answer: C, D

Explanation

Centralized user management (C) is crucial for controlling access and ensuring that only authorized users remain, which helps in eradicating the threat. An intrusion prevention system (D) actively monitors and blocks malicious traffic, making it essential for removing threats. The other options, while important, do not directly pertain to the eradication phase in this context.