Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 113
A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?
Answer options
- A. Create a follow-up report based on the incident documentation.
- B. Perform a vulnerability assessment to find existing vulnerabilities.
- C. Eradicate malicious software from the infected machines.
- D. Collect evidence and maintain a chain-of-custody during further analysis.
Correct answer: D
Explanation
The correct answer is D: collecting evidence and maintaining a chain-of-custody is crucial because it ensures that the investigation can be carried out properly and that its findings are legally defensible. A (a follow-up report) and B (a vulnerability assessment) are not immediate next steps in the incident response process, and C (eradication), while important, comes after evidence collection and analysis.