Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 91
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
Answer options
- A. Assess the network for unexpected behavior
- B. Isolate critical hosts from the network
- C. Patch detected vulnerabilities from critical hosts
- D. Perform analysis based on the established risk factors
Correct answer: B
Explanation
The first step for the incident response team is to isolate critical hosts from the network, which prevents the malware from spreading further. Assessing the network for unexpected behavior, patching vulnerabilities, and performing analysis can follow containment, but they are not immediate actions to mitigate the threat.