Valid 300-215 Exam Q&A PDF 300-215 Dump is Ready (Updated 60 Questions)
Exam Questions and Answers for 300-215 Study Guide
NEW QUESTION 15
Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?
- A. GPO modification
- B. process injection
- C. token manipulation
- D. privilege escalation
Answer: B
Explanation:
Explanation/Reference: https://attack.mitre.org/techniques/T1055/
NEW QUESTION 16
A website administrator has an output of an FTP session that runs nightly to download and unzip files to a local staging server. The download includes thousands of files, and the manual process used to find how many files failed to download is time-consuming. The administrator is working on a PowerShell script that will parse a log file and summarize how many files were successfully downloaded versus ones that failed. Which script will read the contents of the file one line at a time and return a collection of objects?
- A. Get-Content-Folder \\Server\FTPFolder\Logfiles\ftpfiles.log | Show-From "ERROR", "SUCCESS"
- B. Get-Content -Path \\Server\FTPFolder\Logfiles\ftpfiles.log | Select-String "ERROR", "SUCCESS"
- C. Get-Content -Directory \\Server\FTPFolder\Logfiles\ftpfiles.log | Export-Result "ERROR", "SUCCESS"
- D. Get-Content -ifmatch \\Server\FTPFolder\Logfiles\ftpfiles.log | Copy-Marked "ERROR", "SUCCESS"
Answer: B
NEW QUESTION 17
A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)
- A. Automate security alert timeframes with escalation triggers.
- B. Provide phishing awareness training for the fill security team.
- C. Create an executive team delegation plan.
- D. Conduct a risk audit of the incident response workflow.
- E. Introduce a priority rating for incident response workloads.
Answer: A,E
NEW QUESTION 18
An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)
- A. Replace the faulty CPU.
- B. Restore to a system recovery point.
- C. Disconnect from the network.
- D. Take an image of the workstation.
- E. Format the workstation drives.
Answer: B,D
NEW QUESTION 19 
Refer to the exhibit. An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream?
- A. It is exploiting redirect vulnerability
- B. It is requesting authentication on the user site.
- C. It is redirecting to a malicious phishing website,
- D. It is sharing access to files and printers.
Answer: A
NEW QUESTION 20
An incident response team is recommending changes after analyzing a recent compromise in which:
a large number of events and logs were involved;
team members were not able to identify the anomalous behavior and escalate it in a timely manner; several network systems were affected as a result of the latency in detection; security engineers were able to mitigate the threat and bring systems back to a stable state; and the issue reoccurred shortly after and systems became unstable again because the correct information was not gathered during the initial identification phase.
Which two recommendations should be made for improving the incident response process? (Choose two.)
- A. Formalize reporting requirements and responsibilities to update management and internal stakeholders throughout the incident-handling process effectively.
- B. Improve the mitigation phase to ensure causes can be quickly identified, and systems returned to a functioning state.
- C. Implement an automated operation to pull systems events/logs and bring them into an organizational context.
- D. Allocate additional resources for the containment phase to stabilize systems in a timely manner and reduce an attack's breadth.
- E. Modify the incident handling playbook and checklist to ensure alignment and agreement on roles, responsibilities, and steps before an incident occurs.
Answer: C,E
NEW QUESTION 21
Refer to the exhibit.
Which encoding technique is represented by this HEX string?
- A. Base64
- B. Unicode
- C. Charcode
- D. Binary
Answer: D
NEW QUESTION 22
What is the function of a disassembler?
- A. aids transforming symbolic language into machine code
- B. aids performing static malware analysis
- C. aids viewing and changing the running state
- D. aids defining breakpoints in program execution
Answer: B
Explanation:
Reference:
+analysis&hl=en&as_sdt=0&as_vis=1&oi=scholart
NEW QUESTION 23
What are YARA rules based upon?
- A. HTML code
- B. IP addresses
- C. binary patterns
- D. network artifacts
Answer: C
NEW QUESTION 24
Drag and drop the steps from the left into the order to perform forensics analysis of infrastructure networks on the right.
Answer:
Explanation:
NEW QUESTION 25
A security team receives reports of multiple files causing suspicious activity on users' workstations. The file attempted to access highly confidential information in a centralized file server. Which two actions should be taken by a security analyst to evaluate the file in a sandbox? (Choose two.)
- A. Inspect PE header.
- B. Inspect file hash.
- C. Inspect processes.
- D. Inspect registry entries
- E. Inspect file type.
Answer: B,C
NEW QUESTION 26
What is the goal of an incident response plan?
- A. to identify critical systems and resources in an organization
- B. to contain an attack and prevent it from spreading
- C. to determine security weaknesses and recommend solutions
- D. to ensure systems are in place to prevent an attack
Answer: B
NEW QUESTION 27
A security team received reports of users receiving emails linked to external or unknown URLs that are non-returnable and non-deliverable. The ISP also reported a 500% increase in the amount of ingress and egress email traffic received. After detecting the problem, the security team moves to the recovery phase in their incident response plan. Which two actions should be taken in the recovery phase of this incident?
(Choose two.)
- A. scan hosts with updated signatures
- B. verify the breadth of the attack
- C. collect logs
- D. remove vulnerabilities
- E. request packet capture
Answer: A,D
NEW QUESTION 28 
Refer to the exhibit. Which determination should be made by a security analyst?
- A. An email was sent with an attachment named "Final Report.doc".
- B. An email was sent with an attachment named "Grades.doc.exe".
- C. An email was sent with an attachment named "Final Report.doc.exe".
- D. An email was sent with an attachment named "Grades.doc".
Answer: C
NEW QUESTION 29
An "unknown error code" is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?
- A. var/log/shell.log
- B. /var/log/syslog.log
- C. /var/log/vmksummary.log
- D. var/log/general/log
Answer: B
NEW QUESTION 30
A security team received an alert of suspicious activity on a user's Internet browser. The user's anti-virus software indicated that the file attempted to create a fake recycle bin folder and connect to an external IP address. Which two actions should be taken by the security analyst with the executable file for further analysis? (Choose two.)
- A. Evaluate the behavioral indicators in Cisco Secure Malware Analytics (Threat Grid).
- B. Analyze the TCP/IP Streams in Cisco Secure Malware Analytics (Threat Grid).
- C. Evaluate the process activity in Cisco Umbrella.
- D. Analyze the Magic File type in Cisco Umbrella.
- E. Network Exit Localization in Cisco Secure Malware Analytics (Threat Grid).
Answer: A,B
NEW QUESTION 31
An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?
- A. An engineer should check the server's processes by running commands ps -aux and sudo ps -a.
- B. An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/ log/apache2/access.log.
- C. An engineer should check the services on the machine by running the command service -status-all.
- D. An engineer should check the list of usernames currently logged in by running the command $ who | cut - d' ' -f1| sort | uniq
Answer: B
NEW QUESTION 32
Which information is provided bout the object file by the "-h" option in the objdump line command objdump -b oasys -m vax -h fu.o?
- A. debugging
- B. bfdname
- C. help
- D. headers
Answer: D
NEW QUESTION 33
Which tool is used for reverse engineering malware?
- A. Ghidra
- B. NMAP
- C. Wireshark
- D. SNORT
Answer: A
Explanation:
Explanation/Reference: https://www.nsa.gov/resources/everyone/ghidra/#:~:text=Ghidra%20is%20a%20software%
20reverse,in%20their%20networks%20and%20systems.
NEW QUESTION 34
......
Certification dumps - CyberOps Professional 300-215 guides - 100% valid: https://www.free4torrent.com/300-215-braindumps-torrent.html
100% Pass Your 300-215 Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps at First Attempt with Free4Torrent: https://drive.google.com/open?id=1NEL_xxdkOYwPOuhb3QeXCZK6LdvkwGqp