Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Cisco
  3. CyberOps Professional
  4. 300-215 - Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)

Cisco 300-215 Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Exam Practice Test

Demo: 8 questions
Total 59 questions
Get 300-215 Full Access Download 300-215 PDF

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Questions and Answers

Question 1

An “unknown error code” is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?

Options:

A.

/var/log/syslog.log

B.

/var/log/vmksummary.log

C.

var/log/shell.log

D.

var/log/general/log

Question 2

Refer to the exhibit.

Which determination should be made by a security analyst?

Options:

A.

An email was sent with an attachment named “Grades.doc.exe”.

B.

An email was sent with an attachment named “Grades.doc”.

C.

An email was sent with an attachment named “Final Report.doc”.

D.

An email was sent with an attachment named “Final Report.doc.exe”.

Question 3

Refer to the exhibit.

According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)

Options:

A.

Domain name:iraniansk.com

B.

Server: nginx

C.

Hash value: 5f31ab113af08=1597090577

D.

filename= “Fy.exe”

E.

Content-Type: application/octet-stream

Question 4

What is the function of a disassembler?

Options:

A.

aids performing static malware analysis

B.

aids viewing and changing the running state

C.

aids transforming symbolic language into machine code

D.

aids defining breakpoints in program execution

Question 5

An attacker embedded a macro within a word processing file opened by a user in an organization’s legal department. The attacker used this technique to gain access to confidential financial data. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)

Options:

A.

controlled folder access

B.

removable device restrictions

C.

signed macro requirements

D.

firewall rules creation

E.

network access control

Question 6

What is a use of TCPdump?

Options:

A.

to analyze IP and other packets

B.

to view encrypted data fields

C.

to decode user credentials

D.

to change IP ports

Question 7

Refer to the exhibit.

An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream?

Options:

A.

It is redirecting to a malicious phishing website,

B.

It is exploiting redirect vulnerability

C.

It is requesting authentication on the user site.

D.

It is sharing access to files and printers.

Question 8

A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file’s behavior. Which logs should be reviewed next to evaluate this file further?

Options:

A.

email security appliance

B.

DNS server

C.

Antivirus solution

D.

network device

Load More 300-215 Questions
Demo: 8 questions
Total 59 questions
Get 300-215 Full Access Download 300-215 PDF