Which option can be addressed when using retrospective security techniques?

A. if the affected host needs a software update
B. how the malware entered our network
C. why the malware is still in our network
D. if the affected system needs replacement


7 thoughts on “Which option can be addressed when using retrospective security techniques?”

  1. https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html

    Recognizing that point-in-time, preemptive detection and blocking methods are not 100 percent effective, the Advanced Malware Protection (AMP) system continuously analyzes files and traffic even after initial inspection. AMP monitors, analyzes, and records all file activity and communications on endpoints, mobile devices, and in the network in order to quickly uncover stealthy threats that exhibit suspicious or malicious behavior. At the first sign of trouble, AMP will alert security teams and provide detailed information on the behavior of the threat, so you can answer crucial security questions, such as:

    ● Where did the malware come from?

    ● What was the method and point of entry?

    ● Where has it been and what systems were affected?

    ● What did the threat do and what is it doing now?

    ● How do we stop the threat and eliminate the root cause?

    According to NIST Special Publication 800-83 Revision 1 (page 24)

    4.2.3 Prioritizing Incident Response.

    Certain forms of malware, such as worms, tend to spread very quickly and can cause a substantial impact in minutes or hours, so they often necessitate a high-priority response. Other forms of malware, such as Trojan horses, tend to affect a single host; the response to such incidents should be based on the value of the data and services provided by the host. Organizations should establish a set of criteria that identify the appropriate level of response for various malware-related situations. The criteria should incorporate considerations such as the following:
    ● How the malware entered the environment and what transmission mechanisms it uses

    The correct answer is B (how the malware entered our network, or what systems are affected).

  2. Hi,
    If the correct answer is B, then it’s really strange that it was not listed on the exam. I chose answer C, as it was listed among the options there and it seemed to me the closest. Btw, I also had this question twice.

  3. What can be addressed when using retrospective security techniques?
    A. why the malware is still in our network
    B. what systems are affected
    C. if the affected system needs replacement
    D. if the affected host needs a software update

    According to some sources, the answer is A in this version! Any help would be appreciated!

  4. Same here. The option B was not listed on my exam.

    The worst part is, I got that question twice…

    Twice bad.

  5. Looking at Retrospective Security
    Cisco’s Advanced Malware Protection (AMP) created the term “retrospective security” as a protection system that covers the entire attack continuum, which begins before an attack happens and includes continuous analysis and advanced analytics during and after the event.

    Retrospective security lets administrators look at their systems as if they had a time machine. They can view any point in the past with tools such as retrospection, attack chain correlation, behavioral indications of compromise (IOCs), trajectory and breach hunting. Plus, they can see how their security environments have changed, rather than just viewing network aspects at a single point.
    ANSWER = B
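An added example, not from the commenters, Cisco or AMP, that shows in Python the mechanism comments 1 and 5 describe: the point-in-time verdict at first sight was "clean", a later verdict flips, and the recorded file trajectory is replayed to answer where the file came from and which systems it touched. The event records, hosts and hash labels are constructed sample data.

```python
from datetime import datetime

# Constructed trajectory records in the shape a continuous-analysis system
# keeps for every file it has seen: (timestamp, host, file_id, action, source).
# Sample data only; the hosts and hash labels are not real.
EVENTS = [
    ("2024-03-01T09:00:00", "mail-gw", "sha256:aaa", "received", "email:attachment"),
    ("2024-03-01T09:02:00", "ws-17",   "sha256:aaa", "executed", "mail-gw"),
    ("2024-03-01T09:07:00", "ws-22",   "sha256:aaa", "executed", "ws-17"),
    ("2024-03-01T10:00:00", "ws-09",   "sha256:bbb", "executed", "usb"),
    ("2024-03-01T11:30:00", "ws-17",   "sha256:aaa", "connect",  "203.0.113.5:443"),
]

# Verdicts given at first inspection: point-in-time detection let both through.
FIRST_SIGHT = {"sha256:aaa": "clean", "sha256:bbb": "clean"}


def trajectory(events, file_id):
    """Replay every recorded event for one file, oldest first."""
    hits = [e for e in events if e[2] == file_id]
    return sorted(hits, key=lambda e: datetime.fromisoformat(e[0]))


def retrospective_alert(events, first_sight, file_id, new_verdict):
    """Raise a retrospective alert when a later verdict contradicts the
    first-sight one, answering the entry-point and affected-systems questions
    from the recorded history rather than from the current state of a host."""
    if first_sight.get(file_id) == new_verdict:
        return None                      # verdict unchanged, nothing to revisit
    path = trajectory(events, file_id)
    if not path:
        return None                      # never observed, nothing recorded
    first, last = path[0], path[-1]
    return {
        "file_id": file_id,
        "verdict": f"{first_sight.get(file_id)} -> {new_verdict}",
        "entry_time": first[0],
        "entry_host": first[1],
        "entry_vector": first[4],                       # how it got in
        "affected_hosts": sorted({e[1] for e in path}), # what systems it reached
        "last_activity": (last[0], last[1], last[3]),   # what it is doing now
    }


if __name__ == "__main__":
    print(retrospective_alert(EVENTS, FIRST_SIGHT, "sha256:aaa", "malicious"))
```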
