Weekend Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Cisco
  3. CyberOps Professional
  4. 300-215
  5. 300-215 - Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)

Cisco 300-215 Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Exam Practice Test

Page: 1 / 6
Total 59 questions
Get 300-215 Full Access Download 300-215 PDF

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Questions and Answers

Question 1

Which tool conducts memory analysis?

Options:

A.

MemDump

B.

Sysinternals Autoruns

C.

Volatility

D.

Memoryze

Question 2

Which tool is used for reverse engineering malware?

Options:

A.

Ghidra

B.

SNORT

C.

Wireshark

D.

NMAP

Question 3

Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?

Options:

A.

process injection

B.

privilege escalation

C.

GPO modification

D.

token manipulation

Question 4

What is the steganography anti-forensics technique?

Options:

A.

hiding a section of a malicious file in unused areas of a file

B.

changing the file header of a malicious file to another file type

C.

sending malicious files over a public network by encapsulation

D.

concealing malicious files in ordinary or unsuspecting places

Question 5

Refer to the exhibit.

Question # 5

Which two actions should be taken as a result of this information? (Choose two.)

Options:

A.

Update the AV to block any file with hash “cf2b3ad32a8a4cfb05e9dfc45875bd70”.

B.

Block all emails sent from an @state.gov address.

C.

Block all emails with pdf attachments.

D.

Block emails sent from Admin@state.net with an attached pdf file with md5 hash “cf2b3ad32a8a4cfb05e9dfc45875bd70”.

E.

Block all emails with subject containing “cf2b3ad32a8a4cfb05e9dfc45875bd70”.

Question 6

Refer to the exhibit.

Question # 6

Which type of code created the snippet?

Options:

A.

VB Script

B.

Python

C.

PowerShell

D.

Bash Script

Question 7

A network host is infected with malware by an attacker who uses the host to make calls for files and shuttle traffic to bots. This attack went undetected and resulted in a significant loss. The organization wants to ensure this does not happen in the future and needs a security solution that will generate alerts when command and control communication from an infected device is detected. Which network security solution should be recommended?

Options:

A.

Cisco Secure Firewall ASA

B.

Cisco Secure Firewall Threat Defense (Firepower)

C.

Cisco Secure Email Gateway (ESA)

D.

Cisco Secure Web Appliance (WSA)

Question 8

A security team received reports of users receiving emails linked to external or unknown URLs that are non- returnable and non-deliverable. The ISP also reported a 500% increase in the amount of ingress and egress email traffic received. After detecting the problem, the security team moves to the recovery phase in their incident response plan. Which two actions should be taken in the recovery phase of this incident? (Choose two.)

Options:

A.

verify the breadth of the attack

B.

collect logs

C.

request packet capture

D.

remove vulnerabilities

E.

scan hosts with updated signatures

Load More 300-215 Questions 
Page: 1 / 6
Total 59 questions
Get 300-215 Full Access Download 300-215 PDF