Free Cisco 300-215 Exam Questions

Question 1

An incident responder reviews a log entry that shows a Microsoft Word process initiating an outbound network connection followed by PowerShell execution with obfuscated commands. Considering the machine's role in a sensitive data department, what is the most critical action for the responder to take next to analyze this output for potential indicators of compromise?

A : Compare the metadata of the Microsoft Word document with known templates to verify its authenticity.

B : Examine the network destination of the outbound connection to assess the credibility and categorize the traffic.

C : Conduct a behavioral analysis of the PowerShell execution pattern and deobfuscate the commands to assess malicious intent.

D : Correlate the time of the outbound network connection with the user's activity log to establish a usage pattern.

Answer: C

Question 2

An “unknown error code” is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?

A : /var/log/syslog.log

B : /var/log/vmksummary.log

C : r/log/shell.log

D : r/log/general/log

Answer: A

Question 3

A : Evaluate the artifacts in Cisco Secure Malware Analytics.

B : Evaluate the file activity in Cisco Umbrella.

C : Analyze the registry activity section in Cisco Umbrella.

D : Analyze the activity paths in Cisco Secure Malware Analytics.

Answer: A

Question 4

An incident responder reviews a log entry that shows a Microsoft Word process initiating an outbound network connection followed by PowerShell execution with obfuscated commands. Considering the machine's role in a sensitive data department, what is the most critical action for the responder to take next to analyze this output for potential indicators of compromise?

A : Compare the metadata of the Microsoft Word document with known templates to verify its authenticity.

B : Examine the network destination of the outbound connection to assess the credibility and categorize the traffic.

C : Conduct a behavioral analysis of the PowerShell execution pattern and deobfuscate the commands to assess malicious intent.

D : Correlate the time of the outbound network connection with the user's activity log to establish a usage pattern.

Answer: C

Question 5

An incident responder reviews a log entry that shows a Microsoft Word process initiating an outbound network connection followed by PowerShell execution with obfuscated commands. Considering the machine's role in a sensitive data department, what is the most critical action for the responder to take next to analyze this output for potential indicators of compromise?

A : Compare the metadata of the Microsoft Word document with known templates to verify its authenticity.

B : Examine the network destination of the outbound connection to assess the credibility and categorize the traffic.

C : Conduct a behavioral analysis of the PowerShell execution pattern and deobfuscate the commands to assess malicious intent.

D : Correlate the time of the outbound network connection with the user's activity log to establish a usage pattern.

Answer: C