CompTIA Exam SY0-601 Topic 5 Question 87 Discussion

Actual exam question for CompTIA's SY0-601 exam

Question #: 87
Topic #: 5

An organization has hired a red team to simulate attacks on its security pos-ture, which Of following will the blue team do after detecting an IOC?

AReimage the impacted workstations.

BActivate runbooks for incident response.

CConduct forensics on the compromised system,

DConduct passive reconnaissance to gather information

Show Suggested Answer

Suggested Answer: B

A runbook is a set of predefined procedures and steps that guide an incident response team through the process of handling a security incident.It can help the blue team respond quickly and effectively to an indicator of compromise (IOC) by following the best practices and predefined actions for containment, eradication, recovery and lessons learned.

by Alex at Jul 15, 2024, 03:59 AM

Limited Time Offer

25%

Off

Get Premium SY0-601 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Curt

4 months ago

Reimaging the impacted workstations could also be a good option to ensure the security of the network.

upvoted 0 times

...

Hermila

4 months ago

I believe they might also activate runbooks for incident response to contain the attack.

upvoted 0 times

...

Maryln

4 months ago

Hey, at least they hired a red team. Keeps the blue team on their toes, you know?

upvoted 0 times

Teri

3 months ago

B) Activate runbooks for incident response.

upvoted 0 times

...

Helga

4 months ago

A) Reimage the impacted workstations.

upvoted 0 times

...

Alethea

4 months ago

I agree with Daniela, conducting forensics is crucial to understand the extent of the compromise.

upvoted 0 times

...

Daniela

4 months ago

I think the blue team will conduct forensics on the compromised system.

upvoted 0 times

...

Marcelle

4 months ago

A) Reimage the impacted workstations. Fresh start, clean slate, what could go wrong?

upvoted 0 times

...

Penney

4 months ago

D) Conduct passive reconnaissance to gather information. Sneaky, but it might just give us the edge we need.

upvoted 0 times

...

Charlie

4 months ago

B) Activate runbooks for incident response. Standard operating procedure, can't go wrong with that.

upvoted 0 times

Scarlet

3 months ago

C) Conduct forensics on the compromised system.

upvoted 0 times

...

Andra

3 months ago

B) Activate runbooks for incident response.

upvoted 0 times

...

Lashaun

4 months ago

A) Reimage the impacted workstations.

upvoted 0 times

...

Billye

4 months ago

C) Conduct forensics on the compromised system. Gotta get to the bottom of this breach!

upvoted 0 times

Cyndy

3 months ago

C) Conduct forensics on the compromised system.

upvoted 0 times

...

Carlee

3 months ago

B) Activate runbooks for incident response.

upvoted 0 times

...

Lemuel

4 months ago

A) Reimage the impacted workstations.

upvoted 0 times

...