Free Cisco 300-215 Exam Questions

Question 1

An incident responder reviews a log entry that shows a Microsoft Word process initiating an outbound network connection followed by PowerShell execution with obfuscated commands. Considering the machine's role in a sensitive data department, what is the most critical action for the responder to take next to analyze this output for potential indicators of compromise?

A : Compare the metadata of the Microsoft Word document with known templates to verify its authenticity.

B : Examine the network destination of the outbound connection to assess the credibility and categorize the traffic.

C : Conduct a behavioral analysis of the PowerShell execution pattern and deobfuscate the commands to assess malicious intent.

D : Correlate the time of the outbound network connection with the user's activity log to establish a usage pattern.

Answer: C

Question 2

Refer to the exhibit.Which two actions should be taken based on the intelligence information? (Choose two.)

A : Block network access to all .shop domains

B : Add a SIEM rule to alert on connections to identified domains.

C : Use the DNS server to block hole all .shop requests.

D : Block network access to identified domains.

E : Route traffic from identified domains to block hole.

Answer: B,D

Question 3

A security team needs to prevent a remote code execution vulnerability. The vulnerability can be exploited only by sending '${ string in the HTTP request. WAF rule is blocking '${', but system engineers detect that attackers are executing commands on the host anyway. Which action should the security team recommend?

A : Enable URL decoding on WAF.

B : Block incoming web traffic.

C : Add two WAF rules to block 'S' and '{' characters separately.

D : Deploy antimalware solution.

Answer: A

Question 4

A security team needs to prevent a remote code execution vulnerability. The vulnerability can be exploited only by sending '${ string in the HTTP request. WAF rule is blocking '${', but system engineers detect that attackers are executing commands on the host anyway. Which action should the security team recommend?

A : Enable URL decoding on WAF.

B : Block incoming web traffic.

C : Add two WAF rules to block 'S' and '{' characters separately.

D : Deploy antimalware solution.

Answer: A

Question 5

What is the steganography anti-forensics technique?

A : hiding a section of a malicious file in unused areas of a file

B : changing the file header of a malicious file to another file type

C : sending malicious files over a public network by encapsulation

D : concealing malicious files in ordinary or unsuspecting places

Answer: D