Which action should be taken during this phase?

350-201 0 Comments

An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process.

Which action should be taken during this phase?
A . Host a discovery meeting and define configuration and policy updates
B . Update the IDS/IPS signatures and reimage the affected hosts
C . Identify the systems that have been affected and tools used to detect the attack
D . Identify the traffic with data capture using Wireshark and review email filters

Answer: C

Latest 350-201 Dumps Valid Version with 139 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 350-201 PDF     350-201 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments