When a security attack has occurred, which two approaches should security professionals take to mitigate a compromised system during the Actions on Objectives step as defined by the Cyber Kill Chain model? (Choose two.)


  • Build detections for the behavior of known malware.
  • Train web developers for securing code.
  • Detect data exfiltration, lateral movement, and unauthorized credential usage.
  • Perform forensic analysis of endpoints for rapid triage.
  • Collect malware files and metadata for future analysis.

Explanation: When security professionals are alerted to a system compromise, forensic analysis of endpoints should be performed immediately for rapid triage. In addition, detection of further attacker activity, such as data exfiltration, lateral movement, and unauthorized credential usage, should be enhanced to keep damage to a minimum.

Exam with this question: CCNA Cyber Ops Chapter 13 Exam Answers
Exam with this question: CyberOps Associate Final Exam Answers
