Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 16
A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?
Answer options
- A. Determine the systems involved and deploy available patches
- B. Analyze event logs and restrict network access
- C. Review access lists and require users to increase password complexity
- D. Identify the attack vector and update the IDS signature list
Correct answer: A
Explanation
The correct answer is A: at the recovery stage, determining which systems were involved and deploying available patches closes the vulnerabilities exploited during the attack. Options B, C, and D matter for overall security and incident response, but they do not directly address the immediate need to fix the systems impacted by the exploit.