Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Cisco® 300-215

Cisco® 300-215 Exam Practice Questions (P. 5)

  • Full Access (59 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
What is the goal of an incident response plan?
  1. A
    to identify critical systems and resources in an organization
  2. B
    to ensure systems are in place to prevent an attack
  3. C
    to determine security weaknesses and recommend solutions
  4. D
    to contain an attack and prevent it from spreading

Correct Answer:
D
Reference:
https://www.forcepoint.com/cyber-edu/incident-response

Question #22
A security team received an alert of suspicious activity on a user's Internet browser. The user's anti-virus software indicated that the file attempted to create a fake recycle bin folder and connect to an external IP address. Which two actions should be taken by the security analyst with the executable file for further analysis?
(Choose two.)
  1. A
    Evaluate the process activity in Cisco Umbrella.
  2. B
    Analyze the TCP/IP Streams in Cisco Secure Malware Analytics (Threat Grid).
  3. C
    Evaluate the behavioral indicators in Cisco Secure Malware Analytics (Threat Grid).
  4. D
    Analyze the Magic File type in Cisco Umbrella.
  5. E
    Network Exit Localization in Cisco Secure Malware Analytics (Threat Grid).

Correct Answer:
BC

Question #23
An employee receives an email from a "trusted" person containing a hyperlink that is malvertising. The employee clicks the link and the malware downloads. An information analyst observes an alert at the SIEM and engages the cybersecurity team to conduct an analysis of this incident in accordance with the incident response plan. Which event detail should be included in this root cause analysis?
  1. A
    phishing email sent to the victim
  2. B
    alarm raised by the SIEM
  3. C
    information from the email header
  4. D
    alert identified by the cybersecurity team

Correct Answer:
B

Question #24

Refer to the exhibit. Which two actions should be taken based on the intelligence information? (Choose two.)
  1. A
    Block network access to all .shop domains
  2. B
    Add a SIEM rule to alert on connections to identified domains.
  3. C
    Use the DNS server to block hole all .shop requests.
  4. D
    Block network access to identified domains.
  5. E
    Route traffic from identified domains to block hole.

Correct Answer:
BD

Question #25

Refer to the exhibit. Which two determinations should be made about the attack from the Apache access logs? (Choose two.)
  1. A
    The attacker used r57 exploit to elevate their privilege.
  2. B
    The attacker uploaded the word press file manager trojan.
  3. C
    The attacker performed a brute force attack against word press and used sql injection against the backend database.
  4. D
    The attacker used the word press file manager plugin to upoad r57.php.
  5. E
    The attacker logged on normally to word press admin page.

Correct Answer:
CD

Previous Questions Next Questions

All Pages