Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 65
After a recent malware incident, the forensic investigator is gathering details to identify the breach and its causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?
Answer options
- A. Analyze the applications and services running on the affected workstation.
- B. Compare workstation configuration and asset configuration policy to identify gaps.
- C. Inspect registry entries for recently executed files.
- D. Review audit logs for privilege escalation events.
Correct answer: A
Explanation
The correct answer is A because analyzing the applications and services on the affected workstation helps determine which components may have been compromised and how the malware operated. Options B, C, and D focus on different aspects of the investigation that are important but do not directly address the immediate next step after isolating the workstation.