Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 50
An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to prevent this type of attack from reoccurring? (Choose two.)
Answer options
- A. Implement a patch management process.
- B. Scan the company server files for known viruses.
- C. Apply existing patches to the company servers.
- D. Automate antivirus scans of the company servers.
- E. Define roles and responsibilities in the incident response playbook.
Correct answer: A, C
Explanation
Applying existing patches to the company servers closes the Netlogon Remote Protocol vulnerability that was exploited, and implementing a patch management process ensures that future fixes are applied consistently so the same kind of gap does not reopen. Scanning for viruses and automating antivirus scans detect known malware but do not address the underlying vulnerability. Defining roles and responsibilities in the incident response playbook is important, but it is not directly related to preventing exploitation of specific vulnerabilities.