Valid 200-201 Dumps shared by ExamDiscuss.com for Helping Passing 200-201 Exam! ExamDiscuss.com now offer the newest 200-201 exam dumps, the ExamDiscuss.com 200-201 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 200-201 dumps with Test Engine here:
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
Correct Answer: C
According to the NIST Computer Security Incident Handling Guide, the next step in handling an event after confirming a potential indicator of compromise on an endpoint is to collect public information on the malware behavior. This step involves searching for information from various sources, such as antivirus vendors, security blogs, threat intelligence feeds, and online forums, to learn more about the characteristics, capabilities, and impact of the malware. This information can help the SOC team to identify the type, severity, and scope of the incident, as well as to determine the appropriate response actions and mitigation strategies. Isolating the infected endpoint, performing forensics analysis, and prioritizing incident handling are subsequent steps that follow after collecting public information on the malware behavior. References: * Computer Security Incident Handling Guide * SP 800-61 Rev. 2, Computer Security Incident Handling Guide