Free Cisco 300-215 Exam Questions

Question 1

In a secure government communication network, an automated alert indicates the presence of anomalous DLL files injected into the system memory during a routine update of communication protocols. These DLL files are exhibiting beaconing behavior to a satellite IP known for signal interception risks. Concurrently, there is an uptick in encrypted traffic volumes that suggests possible data exfiltration. Which set of actions should the security engineer prioritize?

A : Invoke a classified incident response scenario, notify national defense cyber operatives, and begin containment and eradication procedures on affected systems.

B : Conduct memory forensics to analyze the suspicious DLL files, disrupt the beaconing sequence, and assess the encrypted traffic for breach indicators.

C : Activate a secure emergency communication channel, isolate the segments of the communication network, and initiate a threat hunting operation for further anomalies.

D : Sever connections to the satellite IP, execute a rollback of the recent protocol updates, and engage counter-intelligence cybersecurity measures.

Answer: A

Question 2

Refer to the exhibit.Which two actions should be taken based on the intelligence information? (Choose two.)

A : Block network access to all .shop domains

B : Add a SIEM rule to alert on connections to identified domains.

C : Use the DNS server to block hole all .shop requests.

D : Block network access to identified domains.

E : Route traffic from identified domains to block hole.

Answer: B,D

Question 3

Refer to the exhibit.What is the IOC threat and URL in this STIX JSON snippet?

A : malware;‘http://x4z9arb.cn/4712/’

B : malware; x4z9arb backdoor

C : x4z9arb backdoor;http://x4z9arb.cn/4712/

D : malware; malware--162d917e-766f-4611-b5d6-652791454fca

E : stix;‘http://x4z9arb.cn/4712/’

Answer: A

Question 4

Refer to the exhibit.Which two actions should be taken based on the intelligence information? (Choose two.)

A : Block network access to all .shop domains

B : Add a SIEM rule to alert on connections to identified domains.

C : Use the DNS server to block hole all .shop requests.

D : Block network access to identified domains.

E : Route traffic from identified domains to block hole.

Answer: B,D

Question 5

In a secure government communication network, an automated alert indicates the presence of anomalous DLL files injected into the system memory during a routine update of communication protocols. These DLL files are exhibiting beaconing behavior to a satellite IP known for signal interception risks. Concurrently, there is an uptick in encrypted traffic volumes that suggests possible data exfiltration. Which set of actions should the security engineer prioritize?

A : Invoke a classified incident response scenario, notify national defense cyber operatives, and begin containment and eradication procedures on affected systems.

B : Conduct memory forensics to analyze the suspicious DLL files, disrupt the beaconing sequence, and assess the encrypted traffic for breach indicators.

C : Activate a secure emergency communication channel, isolate the segments of the communication network, and initiate a threat hunting operation for further anomalies.

D : Sever connections to the satellite IP, execute a rollback of the recent protocol updates, and engage counter-intelligence cybersecurity measures.

Answer: A