Valid 300-215 Dumps shared by ExamDiscuss.com for Helping Passing 300-215 Exam! ExamDiscuss.com now offer the newest 300-215 exam dumps, the ExamDiscuss.com 300-215 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 300-215 dumps with Test Engine here:
A cybersecurity analyst is analyzing a complex set of threat intelligence data from internal and external sources. Among the data, they discover a series of indicators, including patterns of unusual network traffic, a sudden increase in failed login attempts, and multiple instances of suspicious file access on the company's internal servers. Additionally, an external threat feed highlights that threat actors are actively targeting organizations in the same industry using ransomware. Which action should the analyst recommend?
Correct Answer: B
The described scenario includes both internal alerts (unusual network traffic, failed logins, suspicious file access) and external intelligence indicating active ransomware campaigns in the same industry. This constitutes a strong combination of precursors and indicators, as defined in the NIST SP 800-61 incident handling model and reinforced in the Cisco CyberOps Associate curriculum. According to the Cisco guide: * "Once an incident has occurred, the IR team needs to contain it quickly before it affects other systems and networks within the organization." * "The containment phase is crucial in stopping the threat from spreading and compromising more systems". Given these indicators and the high-value nature of the data involved, it is essential to proactively isolate suspected systems and activate the incident response plan to prevent damage from potential ransomware. -
