Scribd
Upload
27 views6 pages

Cisco: Questions & Answers

The document is a demo version of the Cisco 300-215 exam, which focuses on conducting forensic analysis and incident response using Cisco CyberOps technologies. It includes sample questions and answers related to incident response processes, network traffic analysis, and cloud forensics challenges. Additionally, it offers a link to purchase the full exam content and a promotional discount for potential buyers.

Uploaded by

kosokop295
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
27 views6 pages

Cisco: Questions & Answers

The document is a demo version of the Cisco 300-215 exam, which focuses on conducting forensic analysis and incident response using Cisco CyberOps technologies. It includes sample questions and answers related to incident response processes, network traffic analysis, and cloud forensics challenges. Additionally, it offers a link to purchase the full exam content and a promotional discount for potential buyers.

Uploaded by

kosokop295
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Cisco

300-215Exam
Conducting Forensic
Analysis and Incident
Response Using Cisco
CyberOps Technologies
Questions & Answers
(Demo Version - Limited Content)

Thank you for Downloading 300-215 exam PDF Demo

Get Full File:

https://www.dumpsvibe.com/cisco/300-215-dumps.html
Questions & Answers PDF Page 12

Version: 4.0

Question: 1

Asecurity team is discussing lessons learned and suggesting process changes after a security breach
incident. During the incident, members of the security team failed to report the abnormal system
activity due to a high project workload. Additionally, when the incident was identified, the response
took six hours due to management being unavailable to provide the approvals needed. Which two
steps will prevent these issues from occurring in the future? (Choose two.)

A. Introduce a priority rating for incident response workloads.


B . Provide phishing awareness training for the fill security team.

C. Conduct a risk audit of the incident response workflow.


D . Create an executive team delegation plan.
E. Automate security alert timeframes with escalation triggers.

Answer: AE

Question: 2

An engineer is investigating a ticket from the accounting department in which a user discovered an
unexpected application on their workstation. Several alerts are seen from the intrusion detection
system of unknown outgoing internet traffic from this workstation. The engineer also notices a
degraded processing capability, which complicates the analysis process. Which two actions should
the engineer take? (Choose two.)

A . Restore to a system recovery point.

www.Dumpsvibe.com
Questions & Answers PDF Page 3

B. Replace the faulty CPU.


C. Disconnect from the network.
D. Format the workstation drives.
E. Take an image of the workstation.

Answer: AE

Question: 3

Refer to the exhibit.

What should an engineer determine from this Wireshark capture of suspicious network traffic?

A. There are signs of SYN flood attack, and the engineer should increase the backlog and recycle the
oldest half-open TCP connections.
B. There are signs of a malformed packet attack, and the engineer should limit the packet size and set
a threshold of bytes as a countermeasure.
C. There are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone
transfers as a countermeasure.

www.Dumpsvibe.com
Questions & Answers PDF Page 4

D. There are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to-
MAC address mappings as a countermeasure.

Answer: A

Question: 4

Refer to the exhibit.

A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the
initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the
Wireshark traffic logs?

A. http.request.un matches
B. tls.handshake.type ==1
C. tcp.port eq 25
D. tcp.window_size ==0

www.Dumpsvibe.com
Questions & Answers PDF Page 5

Answer: B

Reference:
https://www.malware-traffic-analysis.net/2018/11/08/index.html
https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/

Question: 5

What is a concern for gathering forensics evidence in public cloud environments?

A. High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.
B. Configuration: Implementing security zones and proper network segmentation.
C. Timeliness: Gathering forensics evidence from cloud service providers typically requires
substantial time.
D. Multitenancy: Evidence gathering must avoid exposure of data from other tenants.

Answer: D

Reference: https://www.researchgate.net/
publication/307871954_About_Cloud_Forensics_Challenges_and_Solutions

www.Dumpsvibe.com
Thank You for trying 300-215 PDF Demo

https://www.dumpsvibe.com/cisco/300-215-dumps.html

Start Your 300-215 Preparation

[Limited Time Offer] Use Coupon "GET20OFF" for extra


25% discount the purchase of PDF file. Test your 300-215
preparation with actual exam questions

www.Dumpsvibe.com

You might also like