Cisco Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT) 300-740 Question # 9 Topic 1 Discussion
Refer to the exhibit. A security engineer deployed Cisco Secure XDR, and during testing, the log entry shows a security incident. Which action must the engineer take first?
The SCAZT documentation emphasizes that when Cisco Secure XDR identifies a high-risk threat (e.g., risk score 8 out of 10 for malware distribution, as shown in the exhibit), the first priority is to prevent lateral movement and data exfiltration. The recommended first response action is to isolate the affected endpoint from the network.
Cisco Secure Endpoint and XDR allow you to trigger an "isolate" response directly from the dashboard, cutting off all non-management communication from the compromised device. This preserves the environment and enables forensic analysis before removing malware or taking destructive actions like rebuilding the system.
[Reference: Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT), Section 6: Threat Response, Pages 113–118]