Cisco 300-215 CBRFIR Exam Practice Test Instant Access

Question 1

A network host is infected with malware by an attacker who uses the host to make calls for files and shuttle traffic to bots. This attack went undetected and resulted in a significant loss. The organization wants to ensure this does not happen in the future and needs a security solution that will generate alerts when command and control communication from an infected device is detected. Which network security solution should be recommended?

ACisco Secure Firewall ASA

BCisco Secure Firewall Threat Defense (Firepower)

CCisco Secure Email Gateway (ESA)

DCisco Secure Web Appliance (WSA)

Answer : B

Question 2

Refer to the exhibit.

Which encoding technique is represented by this HEX string?

AUnicode

BBinary

CBase64

DCharcode

Answer : B

Question 3

Refer to the exhibit.

Which element in this email is an indicator of attack?

AIP Address: 202.142.155.218

Bcontent-Type: multipart/mixed

Cattachment: ''Card-Refund''

Dsubject: ''Service Credit Card''

Answer : C

Question 4

An attacker embedded a macro within a word processing file opened by a user in an organization's legal department. The attacker used this technique to gain access to confidential financial dat

a. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)

Acontrolled folder access

Bremovable device restrictions

Csigned macro requirements

Dfirewall rules creation

Enetwork access control

Answer : A, C

Question 5

Refer to the exhibit.

Which two determinations should be made about the attack from the Apache access logs? (Choose two.)

AThe attacker used r57 exploit to elevate their privilege.

BThe attacker uploaded the word press file manager trojan.

CThe attacker performed a brute force attack against word press and used sql injection against the backend database.

DThe attacker used the word press file manager plugin to upoad r57.php.

EThe attacker logged on normally to word press admin page.

Answer : C, D

Question 6

An ''unknown error code'' is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?

A/var/log/syslog.log

B/var/log/vmksummary.log

Cvar/log/shell.log

Dvar/log/general/log

Answer : A

Question 7

What is the function of a disassembler?

Aaids performing static malware analysis

Baids viewing and changing the running state

Caids transforming symbolic language into machine code

Daids defining breakpoints in program execution

Answer : A

+analysis&hl=en&as_sdt=0&as_vis=1&oi=scholart

Cisco 300-215 Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies CBRFIR Exam Practice Test