Free Cisco 300-215 Exam Questions

Question 1

A security team needs to prevent a remote code execution vulnerability. The vulnerability can be exploited only by sending '${ string in the HTTP request. WAF rule is blocking '${', but system engineers detect that attackers are executing commands on the host anyway. Which action should the security team recommend?

A : Enable URL decoding on WAF.

B : Block incoming web traffic.

C : Add two WAF rules to block 'S' and '{' characters separately.

D : Deploy antimalware solution.

Answer: A

Question 2

An insider scattered multiple USB flash drives with zero-day malware in a company HQ building. Many employees connected the USB flash drives to their workstations. An attacker was able to get access to endpoints from outside, steal user credentials, and exfiltrate confidential information from internal web resources. Which two steps prevent these types of security incidents in the future? (Choose two.)

A : Automate security alerts on connected USB flash drives to workstations.

B : Provide security awareness training and block usage of external drives.

C : Deploy antivirus software on employee workstations to detect malicious software.

D : Encrypt traffic from employee workstations to internal web services.

E : Deploy MFA authentication to prevent unauthorized access to critical assets.

Answer: B,E

Question 3

Refer to the exhibit.An experienced cybersecurity analyst is investigating a sophisticated suspected breach on a Windows server within an enterprise network and compiled the evidence gathered so far Which action should the analyst prioritize to understand the scope and impact of the breach?

A : Review the security log alterations to understand the methods used to deactivate security systems

B : Perform a forensic memory analysis to isolate and identify the polymorphic malware's behavior and characteristics

C : Conduct a deep dive analysis of the outbound network traffic to trace the foreign IP addresses

D : Investigate the Windows Registry modifications for potential backdoors and establish a timeline of unauthorized changes

Answer: B

Question 4

A : Destination IP 51.38.124.206 is identified as malicious

B : MD5 D634c0ba04a4e9140761cbd7b057t>8c5 is identified as malicious

C : Path http-req-51.38.124.206-80-14-1 is benign

D : The stream must be analyzed further via the pcap file

Answer: A

Question 5

A security team needs to prevent a remote code execution vulnerability. The vulnerability can be exploited only by sending '${ string in the HTTP request. WAF rule is blocking '${', but system engineers detect that attackers are executing commands on the host anyway. Which action should the security team recommend?

A : Enable URL decoding on WAF.

B : Block incoming web traffic.

C : Add two WAF rules to block 'S' and '{' characters separately.

D : Deploy antimalware solution.

Answer: A