최신 300-215 무료덤프 - Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps

문제1

An incident response analyst is preparing to scan memory using a YARA rule. How is this task completed?

A. data diddling

B. XML injection

C. deobfuscation

D. string matching

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

In a secure government communication network, an automated alert indicates the presence of anomalous DLL files injected into the system memory during a routine update of communication protocols. These DLL files are exhibiting beaconing behavior to a satellite IP known for signal interception risks. Concurrently, there is an uptick in encrypted traffic volumes that suggests possible data exfiltration. Which set of actions should the security engineer prioritize?

A. Sever connections to the satellite IP, execute a rollback of the recent protocol updates, and engage counter-intelligence cybersecurity measures.

B. Activate a secure emergency communication channel, isolate the segments of the communication network, and initiate a threat hunting operation for further anomalies.

C. Invoke a classified incident response scenario, notify national defense cyber operatives, and begin containment and eradication procedures on affected systems.

D. Conduct memory forensics to analyze the suspicious DLL files, disrupt the beaconing sequence, and assess the encrypted traffic for breach indicators.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Drag and drop the capabilities on the left onto the Cisco security solutions on the right.

정답:

문제4

Refer to the exhibit.

Which type of code created the snippet?

A. VB Script

B. Bash Script

C. PowerShell

D. Python

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제5

What is a use of TCPdump?

A. to decode user credentials

B. to analyze IP and other packets

C. to view encrypted data fields

D. to change IP ports

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제6

What is an issue with digital forensics in cloud environments, from a security point of view?

A. weak cloud computer specifications

B. no physical access to the hard drive

C. lack of logs

D. network access instability

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Over the last year, an organization's HR department has accessed data from its legal department on the last day of each month to create a monthly activity report. An engineer is analyzing suspicious activity alerted by a threat intelligence platform that an authorized user in the HR department has accessed legal data daily for the last week. The engineer pulled the network data from the legal department's shared folders and discovered above average-size data dumps. Which threat actor is implied from these artifacts?

A. privilege escalation

B. external exfiltration

C. internal user errors

D. malicious insider

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제8

An engineer is analyzing a ticket for an unexpected server shutdown and discovers that the web-server ran out of useable memory and crashed.
Which data is needed for further investigation?

A. /var/log/messages.log

B. /var/log/httpd/messages.log

C. /var/log/httpd/access.log

D. /var/log/access.log

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제9

An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise but while reviewing running processes, observes that PowerShell.exe was spawned by cmd.exe with a grandparent winword.exe process. What is the recommended action the engineer should take?

A. Contain the threat for further analysis as this is an indication of suspicious activity.

B. Investigate the sender of the email and communicate with the employee to determine the motives.

C. Monitor processes as this is standard behavior of Word macro embedded documents.

D. Upload the file signature to threat intelligence tools to determine if the file is malicious.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제10

A company had a recent data leak incident. A security engineer investigating the incident discovered that a malicious link was accessed by multiple employees. Further investigation revealed targeted phishing attack attempts on macOS systems, which led to backdoor installations and data compromise. Which two security solutions should a security engineer recommend to mitigate similar attacks in the future? (Choose two.)

A. web application firewall

B. data loss prevention

C. secure email gateway

D. intrusion prevention system

E. endpoint detection and response

정답: C,E

설명: (DumpTOP 회원만 볼 수 있음)

최신 300-215 무료덤프 - Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps

우리와 연락하기

유용한 링크

최신 업데이트