Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 9
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?
Answer options
- A. Contain the malware
- B. Install IPS software
- C. Determine the escalation path
- D. Perform vulnerability assessment
Correct answer: D
Explanation
The correct answer is D because performing a vulnerability assessment is crucial to identify the weaknesses that may have allowed the malware to penetrate the systems. While containing the malware, installing IPS software, and determining the escalation path are important, they do not address the underlying vulnerabilities that need to be mitigated to prevent future incidents.