Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 63

An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

Answer options

• A. Scan the network to identify unknown assets and the asset owners.
• B. Analyze the components of the infected hosts and associated business services.
• C. Scan the host with updated signatures and remove temporary containment.
• D. Analyze the impact of the malware and contain the artifacts.

Correct answer: D

Explanation

The correct answer is D because analyzing the impact of the malware helps to understand the extent of the damage and informs the containment strategy. Options A and B do not directly address the immediate need for containment and remediation of the malware. Option C focuses on scanning and containment removal, which is premature without first assessing the full impact of the malware.