Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 106
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information.
A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?
Answer options
- A. eradication and recovery
- B. post-incident activity
- C. containment
- D. detection and analysis
Correct answer: A
Explanation
The correct answer is 'eradication and recovery' because once the malware has been contained and the attacking host identified, the next step is to eliminate the malware from the system and restore affected services. The other options, such as 'post-incident activity' and 'detection and analysis,' occur after eradication, while 'containment' is already completed at this stage.