
300-215 Sample Questions and Answers

Question 4

Refer to the exhibit.

Which two determinations should be made about the attack from the Apache access logs? (Choose two.)

Options:

A.

The attacker used the r57 exploit to elevate their privileges.

B.

The attacker uploaded the WordPress file manager trojan.

C.

The attacker performed a brute-force attack against WordPress and used SQL injection against the backend database.

D.

The attacker used the WordPress file manager plugin to upload r57.php.

E.

The attacker logged on normally to the WordPress admin page.
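The determinations above (brute force against wp-login.php, a successful login, use of the file manager plugin's upload connector, and a web shell such as r57.php being served from a writable plugin directory) can each be pulled out of an Apache access log mechanically. The following is an added example, not part of the exam material: it parses constructed combined-format log lines (the IPs, timestamps, the connector path under wp-file-manager/lib/php/ and the file path under lib/files/ are all assumed for the example) and reports which of those patterns are present. The "302 after a run of 200s" heuristic relies on WordPress re-rendering the login form with 200 on a failed attempt and redirecting with 302 on success.

```python
import re
from collections import Counter

# Constructed Apache combined-log lines (assumed data; not the exam exhibit).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:14:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:14:02:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:14:02:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:14:02:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:14:02:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:14:03:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:14:03:40 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:14:03:55 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/r57.php HTTP/1.1" 200 18802 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Mar/2024:14:05:01 +0000] "GET /index.php HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed paths for the example: the plugin's upload connector and the
# directories an attacker can write to through it or through media upload.
FILE_MANAGER_CONNECTOR = "/wp-content/plugins/wp-file-manager/lib/php/"
WRITABLE_DIRS = ("/wp-content/plugins/wp-file-manager/lib/files/", "/wp-content/uploads/")


def parse_log(text):
    """Return one dict per well-formed combined-log line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["status"] = int(e["status"])
            entries.append(e)
    return entries


def triage(entries, login_threshold=5):
    """Flag brute force, successful login, connector use and PHP served from writable dirs."""
    findings = {"brute_force": [], "login_success": [], "file_manager_upload": [], "dropped_php": []}
    login_posts = Counter()
    for e in entries:
        path = e["path"].split("?", 1)[0]  # ignore the query string when matching
        if e["method"] == "POST" and path.endswith("/wp-login.php"):
            login_posts[e["ip"]] += 1
            # Failed login re-renders the form (200); success redirects (302).
            if e["status"] == 302 and e["ip"] not in findings["login_success"]:
                findings["login_success"].append(e["ip"])
        if e["method"] == "POST" and path.startswith(FILE_MANAGER_CONNECTOR):
            findings["file_manager_upload"].append(e)
        # A PHP file executing (200) from a directory that should only hold uploads.
        if path.endswith(".php") and path.startswith(WRITABLE_DIRS) and e["status"] == 200:
            findings["dropped_php"].append(e)
    findings["brute_force"] = [ip for ip, n in login_posts.items() if n >= login_threshold]
    return findings


if __name__ == "__main__":
    f = triage(parse_log(SAMPLE_LOG))
    print("brute force from:", f["brute_force"])
    print("successful login from:", f["login_success"])
    print("file-manager connector POSTs:", [e["path"] for e in f["file_manager_upload"]])
    print("PHP served from writable dirs:", [e["path"] for e in f["dropped_php"]])
```

On the constructed data the script attributes all four findings to 203.0.113.7; on a real log, the absence of any wp-login.php POSTs from the same source, together with a connector POST, is what distinguishes "used the plugin to upload" from "brute-forced and logged on normally".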

Question 5

What is the goal of an incident response plan?

Options:

A.

to identify critical systems and resources in an organization

B.

to ensure systems are in place to prevent an attack

C.

to determine security weaknesses and recommend solutions

D.

to contain an attack and prevent it from spreading

Question 6

An incident response team is recommending changes after analyzing a recent compromise in which:

  • a large number of events and logs were involved;
  • team members were not able to identify the anomalous behavior and escalate it in a timely manner;
  • several network systems were affected as a result of the latency in detection;
  • security engineers were able to mitigate the threat and bring systems back to a stable state; and
  • the issue reoccurred shortly after and systems became unstable again because the correct information was not gathered during the initial identification phase.

Which two recommendations should be made for improving the incident response process? (Choose two.)

Options:

A.

Formalize reporting requirements and responsibilities to update management and internal stakeholders throughout the incident-handling process effectively.

B.

Improve the mitigation phase to ensure causes can be quickly identified, and systems returned to a functioning state.

C.

Implement an automated operation to pull system events/logs and bring them into an organizational context.

D.

Allocate additional resources for the containment phase to stabilize systems in a timely manner and reduce an attack’s breadth.

E.

Modify the incident handling playbook and checklist to ensure alignment and agreement on roles, responsibilities, and steps before an incident occurs.

Question 7

Refer to the exhibit.

According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)

Options:

A.

Domain name: iraniansk.com

B.

Server: nginx

C.

Hash value: 5f31ab113af08=1597090577

D.

filename="Fy.exe"

E.

Content-Type: application/octet-stream
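Which of these headers is worth alerting on is the substance of the question: a Server header or a Content-Type of application/octet-stream is generic on its own, while a watchlisted host, an executable attachment name and a PE body are specific. The following is an added example, not part of the exam material or of any Wireshark output: it parses a constructed HTTP request/response pair (the request path, the date, the body bytes and the watchlist contents are all assumed for the example; the host and filename reuse the values from the options above) and reports only the specific indicators, plus the SHA-256 of the body as the file hash an analyst would actually pivot on.

```python
import hashlib

# Constructed HTTP exchange (assumed data; not the exam's Wireshark exhibit).
SAMPLE_REQUEST = (
    "GET /update/ HTTP/1.1\r\n"
    "Host: iraniansk.com\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Date: Mon, 10 Aug 2020 20:16:17 GMT\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Length: 245760\r\n"
    "Content-Disposition: attachment; filename=\"Fy.exe\"\r\n"
    "\r\n"
)
# Constructed body prefix: a Windows PE file begins with the "MZ" DOS header.
SAMPLE_BODY = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00" + b"\x00" * 48

# A benign exchange, to show that generic headers such as Server: nginx do not fire.
BENIGN_REQUEST = "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
BENIGN_RESPONSE = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"

# Domains known to deliver the payload; assumed contents for the example.
WATCHLIST = {"iraniansk.com"}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")


def parse_headers(raw):
    """Split a raw HTTP message head into (start line, {lower-case name: value})."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def attachment_filename(content_disposition):
    """Pull filename=... out of a Content-Disposition value, quotes stripped."""
    for part in content_disposition.split(";"):
        key, _, value = part.strip().partition("=")
        if key.lower() == "filename":
            return value.strip().strip('"')
    return None


def download_indicators(request_raw, response_raw, body):
    """Return the specific IoCs in this exchange and the body hash; ignore generic headers."""
    _, req = parse_headers(request_raw)
    _, resp = parse_headers(response_raw)
    hits = []
    host = req.get("host", "").lower()
    if host in WATCHLIST:
        hits.append(f"host-on-watchlist:{host}")
    ctype = resp.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/octet-stream":
        hits.append("content-type:application/octet-stream")
    fname = attachment_filename(resp.get("content-disposition", ""))
    if fname and fname.lower().endswith(EXECUTABLE_SUFFIXES):
        hits.append(f"executable-attachment:{fname}")
    if body[:2] == b"MZ":
        hits.append("pe-magic:MZ")
    # Server:, Date: and Content-Length: are deliberately not consulted.
    return {"indicators": hits, "sha256": hashlib.sha256(body).hexdigest()}


if __name__ == "__main__":
    for label, (rq, rs, body) in {
        "sample": (SAMPLE_REQUEST, SAMPLE_RESPONSE, SAMPLE_BODY),
        "benign": (BENIGN_REQUEST, BENIGN_RESPONSE, b"<html></html>"),
    }.items():
        print(label, download_indicators(rq, rs, body))
```

The octet-stream check is kept because the question treats it as an indicator, but note that it fires on every binary download; in a real detection it belongs in combination with the attachment name or the PE magic, not alone.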

Question 8

Refer to the exhibit.

Which type of code is being used?

Options:

A.

Shell

B.

VBScript

C.

BASH

D.

Python

Exam Code: 300-215
Exam Name: Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)
Last Update: Apr 25, 2024
Questions: 59