Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 98

Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?

Answer options

• A. Remove the shortcut files
• B. Check the audit logs
• C. Identify affected systems
• D. Investigate the malicious URLs

Correct answer: C

Explanation

The correct next step is to identify affected systems (C), as this helps to understand the extent of the issue and which other computers might be at risk. Removing the shortcut files (A) or checking audit logs (B) may not provide immediate insight into the overall impact. Investigating the malicious URLs (D) is also important, but knowing which systems are affected takes precedence to mitigate further risks.