Cisco 300-215 Practice Test

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)


Question 1


Refer to the exhibit. Which element in this email is an indicator of attack?

  • A. IP Address: 202.142.155.218
  • B. content-Type: multipart/mixed
  • C. attachment: “Card-Refund”
  • D. subject: “Service Credit Card”
Answer:

C

Question 2

A security team receives reports of multiple files causing suspicious activity on users' workstations. The files attempted to
access highly confidential information on a centralized file server. Which two actions should be taken by a security analyst to
evaluate the files in a sandbox? (Choose two.)

  • A. Inspect registry entries.
  • B. Inspect processes.
  • C. Inspect file hash.
  • D. Inspect file type.
  • E. Inspect PE header.
Answer:

B C

Explanation:
Reference: https://medium.com/@Flying_glasses/top-5-ways-to-detect-malicious-file-manually-d02744f7c43a

Question 3

An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is
compromised. Which step should be taken to identify the origin of the threat?

  • A. An engineer should check the list of usernames currently logged in by running the command $ who | cut d -f1| sort | uniq
  • B. An engineer should check the server’s processes by running commands ps -aux and sudo ps -a.
  • C. An engineer should check the services on the machine by running the command service --status-all.
  • D. An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/log/apache2/access.log.
Answer:

D

Question 4


Refer to the exhibit. What should be determined from this Apache log?

  • A. A module named mod_ssl is needed to make SSL connections.
  • B. The private key does not match with the SSL certificate.
  • C. The certificate file has been maliciously modified.
  • D. The SSL traffic setup is improper.
Answer:

D

Question 5

Which information about the object file is provided by the "-h" option in the objdump command line objdump -b oasys -m vax
-h fu.o?

  • A. bfdname
  • B. debugging
  • C. help
  • D. headers
Answer:

D

Explanation:
Reference: https://sourceware.org/binutils/docs/binutils/objdump.html

Question 6

An employee receives an email from a trusted person containing a hyperlink that is malvertising. The employee clicks the
link and the malware downloads. An information analyst observes an alert at the SIEM and engages the cybersecurity team
to conduct an analysis of this incident in accordance with the incident response plan. Which event detail should be included
in this root cause analysis?

  • A. phishing email sent to the victim
  • B. alarm raised by the SIEM
  • C. information from the email header
  • D. alert identified by the cybersecurity team
Answer:

B

Question 7

What is a concern for gathering forensics evidence in public cloud environments?

  • A. High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.
  • B. Configuration: Implementing security zones and proper network segmentation.
  • C. Timeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.
  • D. Multitenancy: Evidence gathering must avoid exposure of data from other tenants.
Answer:

D

Explanation:
Reference: https://www.researchgate.net/publication/307871954_About_Cloud_Forensics_Challenges_and_Solutions

Question 8

Which technique is used to evade detection by security products by executing arbitrary code in the address space of a
separate live process?

  • A. process injection
  • B. privilege escalation
  • C. GPO modification
  • D. token manipulation
Answer:

A

Explanation:
Reference: https://attack.mitre.org/techniques/T1055/

Question 9


Refer to the exhibit. Which encoding technique is represented by this HEX string?

  • A. Unicode
  • B. Binary
  • C. Base64
  • D. Charcode
Answer:

B

Explanation:
Reference: https://www.suse.com/c/making-sense-hexdump/

Question 10

What is the steganography anti-forensics technique?

  • A. hiding a section of a malicious file in unused areas of a file
  • B. changing the file header of a malicious file to another file type
  • C. sending malicious files over a public network by encapsulation
  • D. concealing malicious files in ordinary or unsuspecting places
Answer:

A

Explanation:
Reference: https://blog.eccouncil.org/6-anti-forensic-techniques-that-every-cyber-investigator-dreads/
