Valid 200-201 Dumps shared by ExamDiscuss.com for Helping Passing 200-201 Exam! ExamDiscuss.com now offer the newest 200-201 exam dumps, the ExamDiscuss.com 200-201 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 200-201 dumps with Test Engine here:
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
Correct Answer: A
After a breach has been discovered and the immediate threat has been addressed by identifying and removing the threat's access, the next step according to the NIST SP 800-61 Incident Handling Guide is to recover from the threat. This involves restoring systems to normal operation, confirming that the systems are functioning normally, and applying patches or other remediation measures to prevent similar breaches in the future1. Reference: Understanding NIST SP 800-61: The Computer Security Incident Handling Guide