Question 460 - SY0-601 discussion


An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IOC?

A. Reimage the impacted workstations.
B. Activate runbooks for incident response.
C. Conduct forensics on the compromised system.
D. Conduct passive reconnaissance to gather information.

Suggested answer: B

Explanation:

A runbook is a set of predefined procedures and steps that guide an incident response team through the process of handling a security incident. It can help the blue team respond quickly and effectively to an indicator of compromise (IOC) by following the best practices and predefined actions for containment, eradication, recovery and lessons learned.


asked 02/10/2024
Sarah Pachowsky