Cisco Performing CyberOps Using Core Security Technologies (CBRCOR) 350-201 Question # 19 Topic 2 Discussion

350-201 Exam Topic 2 Question 19 Discussion:

Question #: 19

Topic #: 2

A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack

Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities

Review the server backup and identify server content and data criticality to assess the intrusion risk

Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

Get Premium 350-201 Questions

Actual exam question for Cisco 350-201 exam by Nyx17176 at Aug 2, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Cisco Performing CyberOps Using Core Security Technologies (CBRCOR) 350-201 Question # 19 Topic 2 Discussion

Cisco Performing CyberOps Using Core Security Technologies (CBRCOR) 350-201 Question # 19 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Cisco Performing CyberOps Using Core Security Technologies (CBRCOR) 350-201 Question # 19 Topic 2 Discussion

Cisco Performing CyberOps Using Core Security Technologies (CBRCOR) 350-201 Question # 19 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval