Free 300-215 Exam Braindumps (page: 4)


A security team receives reports of multiple files causing suspicious activity on users’ workstations. One of the files attempted to access highly confidential information on a centralized file server. Which two actions should a security analyst take to evaluate the file in a sandbox? (Choose two.)

  A. Inspect registry entries.
  B. Inspect processes.
  C. Inspect file hash.
  D. Inspect file type.
  E. Inspect PE header.

Answer(s): B,C


Reference:

https://medium.com/@Flying_glasses/top-5-ways-to-detect-malicious-file-manually-d02744f7c43a



Refer to the exhibit.


An engineer is analyzing a .LNK (shortcut) file that was recently received as an email attachment and blocked by email security as suspicious. What is the next step the engineer should take?

  A. Delete the suspicious email with the attachment, as the file has a shortcut extension and does not represent any threat.
  B. Upload the file to a virus-checking engine to compare it with well-known viruses, as the file is a virus disguised behind a legitimate extension.
  C. Quarantine the file within the endpoint antivirus solution, as the file is ransomware that will encrypt the victim's documents.
  D. Open the file in a sandbox environment for further behavioral analysis, as the file contains a malicious script that runs on execution.

Answer(s): D
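The two questions above both come down to static triage before (or alongside) detonation: identify the container by its leading bytes rather than its extension, record a hash for intel lookups, and, for an executable, read the PE header. The following Python is an added example written for this page, not code from Cisco or from the exam; the magic-byte table, the extension map, the mismatch heuristic and both sample files (a minimal PE posing as a PDF, and a bare .LNK header) are constructed for illustration.

```python
"""Static triage of a suspicious attachment: file type from magic bytes,
SHA-256 for intel lookup, and PE header fields, with an extension/content
mismatch flag. Constructed example; the sample files below are synthetic."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional

# Magic-byte table (constructed; extend for your environment).
MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP container (OOXML, JAR, APK)",
}
# Shell Link (.LNK) header: HeaderSize 0x0000004C followed by the LinkCLSID
# {00021401-0000-0000-C000-000000000046} stored as a little-endian GUID.
LNK_HEADER = bytes.fromhex("4c000000" "01140200" "0000" "0000" "c000000000000046")
# Expected type prefix per claimed extension (constructed).
EXPECTED_BY_EXT = {
    "exe": "PE", "dll": "PE", "scr": "PE", "lnk": "Windows shortcut",
    "pdf": "PDF", "docx": "ZIP", "xlsx": "ZIP", "zip": "ZIP",
}


@dataclass
class Triage:
    sha256: str
    file_type: str
    extension_mismatch: bool
    pe: Optional[dict]


def identify(data: bytes) -> str:
    """Name the container by its leading bytes, not by its filename."""
    if data.startswith(LNK_HEADER):
        return "Windows shortcut (.LNK)"
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def parse_pe_header(data: bytes) -> Optional[dict]:
    """Return Machine, NumberOfSections, TimeDateStamp and the PE32/PE32+
    optional-header magic, or None when the buffer is not a well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Signature (4) + COFF header (20) + optional header Magic (2) must fit.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    opt_magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    return {
        "machine": {0x14C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(opt_magic, hex(opt_magic)),
    }


def triage(filename: str, data: bytes) -> Triage:
    """Hash, type and header in one record; flags when the content
    does not match what the extension claims."""
    ftype = identify(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXPECTED_BY_EXT.get(ext)
    mismatch = expected is not None and not ftype.startswith(expected)
    return Triage(hashlib.sha256(data).hexdigest(), ftype, mismatch, parse_pe_header(data))


def build_sample_pe() -> bytes:
    """Constructed minimal PE: DOS header with e_lfanew=0x40, COFF header
    (x86, 3 sections), then a PE32 optional header of the declared size."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 3, 0x5F000000, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(0xDE)
    return bytes(dos) + coff + optional


# Constructed samples: a PE that will be presented as "invoice.pdf", and a .LNK header.
SAMPLE_PE = build_sample_pe()
SAMPLE_LNK = LNK_HEADER + bytes(0x4C - len(LNK_HEADER)) + b"\x00\x00"

if __name__ == "__main__":
    for name, blob in (("invoice.pdf", SAMPLE_PE), ("invoice.lnk", SAMPLE_LNK)):
        t = triage(name, blob)
        print(f"{name}: {t.file_type}, sha256={t.sha256[:16]}..., "
              f"mismatch={t.extension_mismatch}, pe={t.pe}")
```

Run it as a script to see the two sample records. The hash is what you pivot on in threat intel; the type and mismatch flag tell you whether the sandbox should treat the sample as an executable, a document or a shortcut; and the PE fields (machine, section count, compile timestamp) are the first things to compare against a known-good binary of the same name. A .LNK sample yields no PE header at all, which is exactly why its behavior (the command line and script it launches) has to come from detonation rather than from static fields.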



An investigator is analyzing an attack in which malicious files were loaded onto the network undetected. Several of the images received during the attack contain repetitive patterns. Which anti-forensic technique was used?

  A. spoofing
  B. obfuscation
  C. tunneling
  D. steganography

Answer(s): D


Reference:

https://doi.org/10.5120/1398-1887
https://www.carbonblack.com/blog/steganography-in-the-modern-attack-landscape/
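To make the steganography answer concrete: the classic way to hide a payload in an image is to overwrite the least significant bit of each pixel byte, and the classic way to detect it is to notice that the counts of each value pair (2k, 2k+1) become nearly equal once random-looking data has been embedded. The Python below is an added example for this page, not code from the exam or from the cited references; the 4096-byte "cover" stands in for a raw 8-bit grayscale image, the payload is pseudo-random, and the flagging threshold is a constructed heuristic rather than a calibrated p-value.

```python
"""LSB steganography: how a payload hides in the least significant bits of
pixel bytes, and the chi-square check an analyst can run on the LSB plane.
Constructed example; COVER stands in for a raw 8-bit grayscale image."""
import random
import struct


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Sequentially overwrite one LSB per cover byte with a 32-bit length
    prefix followed by the payload bits."""
    message = struct.pack(">I", len(payload)) + payload
    bits = "".join(f"{b:08b}" for b in message)
    if len(bits) > len(cover):
        raise ValueError("payload does not fit in cover")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | int(bit)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Inverse of embed_lsb: read the length prefix, then that many bytes."""
    def read_int(start: int, nbits: int) -> int:
        return int("".join(str(stego[i] & 1) for i in range(start, start + nbits)), 2)
    length = read_int(0, 32)
    if 32 + 8 * length > len(stego):
        raise ValueError("length prefix exceeds carrier")
    return bytes(read_int(32 + 8 * k, 8) for k in range(length))


def chi_square_lsb(data: bytes) -> float:
    """Westfeld-Pfitzmann style statistic: after LSB embedding of random bits
    the counts of each value pair (2k, 2k+1) converge, so the statistic drops.
    Returns the mean per-pair chi-square (about 1.0 for a fully embedded carrier)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        total = even + odd
        if total == 0:
            continue
        expected = total / 2
        stat += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        pairs += 1
    return stat / pairs if pairs else 0.0


def looks_lsb_embedded(data: bytes, threshold: float = 2.0) -> bool:
    """Flag a carrier whose LSB plane is suspiciously balanced.
    The threshold is a constructed heuristic, not a calibrated p-value."""
    return chi_square_lsb(data) < threshold


# Constructed cover: a smooth 4096-byte ramp holding only even values, which
# is what makes the pair counts lopsided before anything is embedded.
COVER = bytes(2 * (i % 128) for i in range(4096))
_rng = random.Random(7)
# Random-looking payload (think compressed or encrypted data) that fills the cover.
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(508))
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    print("round trip ok:", extract_lsb(STEGO) == PAYLOAD)
    print(f"cover chi-square {chi_square_lsb(COVER):.2f}, stego {chi_square_lsb(STEGO):.2f}")
    print("stego flagged:", looks_lsb_embedded(STEGO), "cover flagged:", looks_lsb_embedded(COVER))
```

Two caveats a practitioner would add. The statistic assumes sequential embedding starting at the first byte; tools that scatter bits with a key, or embed in transform coefficients rather than pixels, defeat this particular check, so it is a triage signal rather than proof. And a real image is not an all-even ramp: run the check on a known-clean image from the same source to learn what "normal" looks like before trusting any threshold.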



A security team detected an above-average number of inbound tcp/135 connection attempts from unidentified senders. The security team is responding based on its incident response playbook. Which two elements are part of the eradication phase for this incident? (Choose two.)

  A. anti-malware software
  B. data and workload isolation
  C. centralized user management
  D. intrusion prevention system
  E. enterprise block listing solution

Answer(s): C,D
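The detection that triggers the playbook in the question above is easy to state and worth seeing as logic: count inbound connection attempts to tcp/135 (the MSRPC endpoint mapper) per source, compare against a baseline, and separate sources that are on the asset list from ones nobody recognizes. The Python below is an added example for this page, not Cisco's or the exam's; the firewall log format, the known-source list, the baseline and the log lines themselves are all constructed.

```python
"""Flag sources driving an above-average number of inbound tcp/135 (MSRPC
endpoint mapper) connection attempts. Constructed example: the log format,
known-source list, baseline and sample lines are assumptions, not from any product."""
import re
from collections import Counter

# Constructed firewall log format: "<ts> <ACTION> <PROTO> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
# Hosts that legitimately reach the endpoint mapper (constructed asset list).
KNOWN_SOURCES = {"10.0.0.5", "10.0.0.6"}
# Historical mean attempts per source per window (constructed baseline).
BASELINE = 3.0

# Constructed sample window: two known hosts, two unknown senders, plus a UDP
# line, a tcp/445 line and a malformed line that must all be ignored.
SAMPLE_LOGS = """\
2024-05-01T09:00:01Z ALLOW TCP 10.0.0.5:51002 -> 10.0.1.20:135
2024-05-01T09:00:02Z ALLOW TCP 10.0.0.5:51003 -> 10.0.1.20:135
2024-05-01T09:00:03Z ALLOW TCP 10.0.0.6:49710 -> 10.0.1.21:135
2024-05-01T09:00:04Z DENY TCP 203.0.113.9:40001 -> 10.0.1.20:135
2024-05-01T09:00:04Z DENY TCP 203.0.113.9:40002 -> 10.0.1.21:135
2024-05-01T09:00:05Z DENY TCP 203.0.113.9:40003 -> 10.0.1.22:135
2024-05-01T09:00:05Z DENY TCP 203.0.113.9:40004 -> 10.0.1.23:135
2024-05-01T09:00:06Z DENY TCP 203.0.113.9:40005 -> 10.0.1.24:135
2024-05-01T09:00:06Z DENY TCP 203.0.113.9:40006 -> 10.0.1.25:135
2024-05-01T09:00:07Z DENY TCP 198.51.100.23:3301 -> 10.0.1.20:135
2024-05-01T09:00:07Z DENY TCP 198.51.100.23:3302 -> 10.0.1.20:135
2024-05-01T09:00:08Z DENY TCP 198.51.100.23:3303 -> 10.0.1.20:135
2024-05-01T09:00:08Z DENY TCP 198.51.100.23:3304 -> 10.0.1.20:135
2024-05-01T09:00:09Z ALLOW UDP 203.0.113.9:40007 -> 10.0.1.20:135
2024-05-01T09:00:09Z ALLOW TCP 203.0.113.9:40008 -> 10.0.1.20:445
this line is not a firewall record
""".splitlines()


def parse_line(line: str):
    """Return the named fields of one record, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def tcp135_attempts(lines) -> Counter:
    """Count connection attempts to tcp/135 per source. ALLOW and DENY both
    count: the question is who is probing, not what got through."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["proto"] == "TCP" and int(rec["dport"]) == 135:
            counts[rec["src"]] += 1
    return counts


def flag_sources(lines, baseline=BASELINE, known=KNOWN_SOURCES) -> dict:
    """Return {src: attempts} for sources that are not on the asset list and whose
    attempt count exceeds both the historical baseline and this window's mean."""
    counts = tcp135_attempts(lines)
    mean = sum(counts.values()) / len(counts) if counts else 0.0
    return {src: n for src, n in counts.items()
            if src not in known and n > max(baseline, mean)}


if __name__ == "__main__":
    print("attempts per source:", dict(tcp135_attempts(SAMPLE_LOGS)))
    print("unidentified senders above baseline:", flag_sources(SAMPLE_LOGS))
```

The output of `flag_sources` is the list the responders start from: block or rate-limit those sources at the perimeter, then check whether any of the probed hosts answered (an inbound tcp/135 attempt that was allowed deserves a look at what RPC interface was requested next). Note that the known-source list only suppresses noise from hosts you expect; it does not exonerate them, so a known host with a sudden spike should still be reviewed separately.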





