Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps - 300-215 FREE EXAM DUMPS QUESTIONS & ANSWERS]

Question 1

Which tool conducts memory analysis?

A. Sysinternals Autoruns B. MemDump C. Memoryze D. Volatility

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 2

What is the purpose of YARA rules in malware analysis and now do the rules atd in identifying, classifying, and documenting malware?

A. They encrypt identified malware on a system to prevent execution of files with the same classification B. They automatically remove malware from an infected system while documenting the behavior of the APT C. They use specific static patterns and attributes to identify and classify matware, characterizing its nature D. They create a backup of identified malware and classify it according to its origin and source

Discussion 0

Correct Answer: C Vote an answer

Question 3

A financial company handling international transactions recently experienced a complex security incident The incident involves simultaneous DDoS attacks, suspected internal data leakage and the discovery of sophisticated malware implants that have remained dormant until triggered remotely During the incident it became clear that the current procedures are inadequate and plans to tackle issues were created on the go To counter this problem going forward, the IR team is developing an incident playbook to be used if a similar incident reoccurs Which set of elements of the playbook must be introduced?

A. Engaging third-party cybersecurity experts expanding throat intelligence sharing and improving incident documentation B. Enhancing monitoring protocols, updating firewall rules, and automating traffic analysis tasks efficiently C. Establishing real-time collaboration procedures, increasing data encryption and revising access controls D. Introducing DDoS mitigation procedures, internal data leak investigations, and proactive malware containment

Discussion 0

Correct Answer: D Vote an answer

Question 4

Refer to the exhibit.

An engineer is analyzing a .LNK (shortcut) file recently received as an email attachment and blocked by email security as suspicious. What is the next step an engineer should take?

A. Delete the suspicious email with the attachment as the file is a shortcut extension and does not represent any threat. B. Quarantine the file within the endpoint antivirus solution as the file is a ransomware which will encrypt the documents of a victim. C. Open the file in a sandbox environment for further behavioral analysis as the file contains a malicious script that runs on execution. D. Upload the file to a virus checking engine to compare with well-known viruses as the file is a virus disguised as a legitimate extension.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 5

A security team detected an above-average amount of inbound tcp/135 connection attempts from unidentified senders. The security team is responding based on their incident response playbook. Which two elements are part of the eradication phase for this incident? (Choose two.)

A. intrusion prevention system B. anti-malware software C. centralized user management D. data and workload isolation E. enterprise block listing solution

Discussion 0

Correct Answer: A,C Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 6

Which type of record enables forensics analysts to identify fileless malware on Windows machines?

A. PowerShell event logs B. network records C. file event records D. IIS logs

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).