Free Cisco 300-215 Exam Questions

Question 1

damage. Leadership requested a report that identifies the problems that triggered the incident and the

security team’s approach to address these problems to prevent a reoccurrence. Which components of the

incident should an engineer analyze first for this report?

A : pact and flow

B : use and effect

C : k and RPN

D : tive and factors

Answer: D

Question 2

An incident responder reviews a log entry that shows a Microsoft Word process initiating an outbound network connection followed by PowerShell execution with obfuscated commands. Considering the machine's role in a sensitive data department, what is the most critical action for the responder to take next to analyze this output for potential indicators of compromise?

A : Compare the metadata of the Microsoft Word document with known templates to verify its authenticity.

B : Examine the network destination of the outbound connection to assess the credibility and categorize the traffic.

C : Conduct a behavioral analysis of the PowerShell execution pattern and deobfuscate the commands to assess malicious intent.

D : Correlate the time of the outbound network connection with the user's activity log to establish a usage pattern.

Answer: C

Question 3

A : Destination IP 51.38.124.206 is identified as malicious

B : MD5 D634c0ba04a4e9140761cbd7b057t>8c5 is identified as malicious

C : Path http-req-51.38.124.206-80-14-1 is benign

D : The stream must be analyzed further via the pcap file

Answer: A

Question 4

An incident responder reviews a log entry that shows a Microsoft Word process initiating an outbound network connection followed by PowerShell execution with obfuscated commands. Considering the machine's role in a sensitive data department, what is the most critical action for the responder to take next to analyze this output for potential indicators of compromise?

A : Compare the metadata of the Microsoft Word document with known templates to verify its authenticity.

B : Examine the network destination of the outbound connection to assess the credibility and categorize the traffic.

C : Conduct a behavioral analysis of the PowerShell execution pattern and deobfuscate the commands to assess malicious intent.

D : Correlate the time of the outbound network connection with the user's activity log to establish a usage pattern.

Answer: C

Question 5

In a secure government communication network, an automated alert indicates the presence of anomalous DLL files injected into the system memory during a routine update of communication protocols. These DLL files are exhibiting beaconing behavior to a satellite IP known for signal interception risks. Concurrently, there is an uptick in encrypted traffic volumes that suggests possible data exfiltration. Which set of actions should the security engineer prioritize?

A : Invoke a classified incident response scenario, notify national defense cyber operatives, and begin containment and eradication procedures on affected systems.

B : Conduct memory forensics to analyze the suspicious DLL files, disrupt the beaconing sequence, and assess the encrypted traffic for breach indicators.

C : Activate a secure emergency communication channel, isolate the segments of the communication network, and initiate a threat hunting operation for further anomalies.

D : Sever connections to the satellite IP, execute a rollback of the recent protocol updates, and engage counter-intelligence cybersecurity measures.

Answer: A