
Page: 2 / 2
Total 59 questions

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Questions and Answers

Question 5

What is the transmogrify anti-forensics technique?

Options:

A.

hiding a section of a malicious file in unused areas of a file

B.

sending malicious files over a public network by encapsulation

C.

concealing malicious files in ordinary or unsuspecting places

D.

changing the file header of a malicious file to another file type
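Transmogrify rewrites the leading bytes (the magic number) of a file so that signature-based tools classify it as a different type, which is what option D describes. The following Python example is added here for illustration and is not part of the exam material: it builds a constructed, minimal PE-like buffer (not a real executable), overwrites its header with JPEG magic, and shows how a deeper check that ignores the first bytes (the e_lfanew pointer at offset 0x3C and the DOS stub text) still recovers the true type. The signature table and the sample buffer layout are assumptions made for the example.

```python
# Added example (not from the exam page): detecting a "transmogrified" file,
# i.e. one whose leading header bytes were rewritten so that signature-based
# tools identify it as a different type (here a PE executable disguised as JPEG).
import struct

# Well-known magic numbers keyed by the bytes a file starts with (assumed table).
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\xFF\xD8\xFF": "JPEG image",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"%PDF-": "PDF document",
    b"PK\x03\x04": "ZIP container (also DOCX/XLSX/JAR)",
}


def identify_by_magic(data: bytes) -> str:
    """Return the file type implied by the leading bytes only (what a naive tool sees)."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def has_hidden_pe(data: bytes) -> bool:
    """Look past the (possibly forged) header for structure a PE file keeps.

    A PE stores the offset of its 'PE\\0\\0' signature at byte 0x3C (e_lfanew) and
    carries the DOS stub text; overwriting only the first bytes leaves both intact.
    """
    if len(data) < 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    pe_sig_present = (
        e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"
    )
    dos_stub_present = b"This program cannot be run in DOS mode" in data[:0x200]
    return pe_sig_present or dos_stub_present


def analyze(data: bytes) -> dict:
    """Combine the naive signature with the deeper check and report a mismatch."""
    claimed = identify_by_magic(data)
    hidden_pe = has_hidden_pe(data)
    return {
        "claimed_type": claimed,
        "hidden_pe": hidden_pe,
        "suspicious": hidden_pe and not claimed.startswith("PE"),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE-like buffer (not a runnable executable): MZ header,
    e_lfanew pointing at 0x80, the DOS stub text and a PE signature."""
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    stub = b"This program cannot be run in DOS mode.\r\n$"
    buf[0x4E:0x4E + len(stub)] = stub
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


def transmogrify(data: bytes, new_magic: bytes = b"\xFF\xD8\xFF\xE0") -> bytes:
    """Simulate the anti-forensics step: overwrite only the leading magic bytes."""
    return new_magic + data[len(new_magic):]


if __name__ == "__main__":
    original = build_sample_pe()
    disguised = transmogrify(original)
    print(analyze(original))    # claimed PE, hidden_pe True, suspicious False
    print(analyze(disguised))   # claimed JPEG, hidden_pe True, suspicious True
```

In practice a forensic workstation would run this kind of secondary check over every file whose extension, magic and content-derived type (entropy, embedded strings, parseable structure) disagree, rather than trusting the first few bytes alone.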

Question 6

An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. The intrusion detection system has raised several alerts for unknown outgoing internet traffic from this workstation. The engineer also notices degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)

Options:

A.

Restore to a system recovery point.

B.

Replace the faulty CPU.

C.

Disconnect from the network.

D.

Format the workstation drives.

E.

Take an image of the workstation.

Question 7

What are YARA rules based upon?

Options:

A.

binary patterns

B.

HTML code

C.

network artifacts

D.

IP addresses
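YARA rules match binary (and text) patterns in files and memory, which is what option A states. The Python example below is added for illustration and is not exam material or the YARA project's own code: it shows how a YARA-style hex string with `??` wildcards is turned into a byte-level pattern and how a rule condition such as `$mz at 0 and $ps` is evaluated over a buffer. The rule name `demo_dropper`, its strings and the sample buffers are constructed for this example.

```python
# Added example (not from the exam page): how a YARA hex string with wildcards
# becomes a byte-level pattern, and how a rule's condition is evaluated over a buffer.
import re

# YARA rule for reference (constructed for this example, not a published rule):
#   rule demo_dropper {
#     strings:
#       $mz = { 4D 5A ?? ?? ?? ?? 00 00 }   // MZ header with four wildcard bytes
#       $ps = "powershell -enc" nocase      // case-insensitive text string
#     condition:
#       $mz at 0 and $ps
#   }


def hex_to_regex(hex_string: str) -> bytes:
    """Translate a YARA-style hex string (with ?? wildcards) into a bytes regex."""
    parts = []
    for tok in hex_string.strip("{} ").split():
        if tok == "??":
            parts.append(b".")
        elif len(tok) == 2:
            parts.append(re.escape(bytes([int(tok, 16)])))
        else:
            raise ValueError(f"unsupported token {tok!r}")
    return b"".join(parts)


def compile_strings(strings: dict) -> dict:
    """Compile each rule string. Values are ("hex", pattern) or ("text", s, nocase)."""
    compiled = {}
    for name, spec in strings.items():
        if spec[0] == "hex":
            compiled[name] = re.compile(hex_to_regex(spec[1]), re.DOTALL)
        else:
            flags = re.IGNORECASE if spec[2] else 0
            compiled[name] = re.compile(re.escape(spec[1].encode()), flags)
    return compiled


def scan(buf: bytes, strings: dict) -> dict:
    """Return {name: [offsets]} for every string that matched somewhere in buf."""
    hits = {}
    for name, rx in compile_strings(strings).items():
        offsets = [m.start() for m in rx.finditer(buf)]
        if offsets:
            hits[name] = offsets
    return hits


def matches_rule(buf: bytes) -> bool:
    """Evaluate the condition '$mz at 0 and $ps' for the demo rule above."""
    strings = {
        "$mz": ("hex", "{ 4D 5A ?? ?? ?? ?? 00 00 }"),
        "$ps": ("text", "powershell -enc", True),
    }
    hits = scan(buf, strings)
    return 0 in hits.get("$mz", []) and "$ps" in hits


# Constructed sample buffers (not real malware)
SAMPLE_HIT = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
    + b"PowerShell -EnC SQBFAFgA" + b"\x00" * 8
)
SAMPLE_MISS = b"\x89PNG\r\n\x1a\n" + b"powershell -enc" + b"\x00" * 8  # text present, no MZ at 0

if __name__ == "__main__":
    print(matches_rule(SAMPLE_HIT))   # True
    print(matches_rule(SAMPLE_MISS))  # False
```

The wildcard handling is the point: a signature keyed on the bytes that vary between samples (timestamps, sizes, build IDs) would miss variants, while a hex pattern with `??` in those positions still matches the stable structure around them.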

Question 8

An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise, but while reviewing running processes, observes a PowerShell.exe process whose parent is cmd.exe and whose grandparent is winword.exe. What is the recommended action the engineer should take?

Options:

A.

Upload the file signature to threat intelligence tools to determine if the file is malicious.

B.

Monitor processes, as this is standard behavior for Word documents with embedded macros.

C.

Contain the threat for further analysis as this is an indication of suspicious activity.

D.

Investigate the sender of the email and communicate with the employee to determine the motives.
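A Word process spawning a command shell that in turn launches PowerShell is a classic macro-dropper lineage, and the recommended response is to contain the host for further analysis (option C). The Python example below is added for illustration and is not exam material: it walks a process snapshot, reconstructs each process's ancestry, and flags script hosts that have an Office application anywhere in their lineage, so the intermediate cmd.exe does not hide the winword.exe grandparent. The process list is constructed for this example, and the sets of Office applications and script hosts are assumptions a real deployment would tune.

```python
# Added example (not from the exam page): flag the parent/grandparent chain the
# question describes (winword.exe -> cmd.exe -> powershell.exe) from a process list.
from typing import Dict, List, Optional

# Assumed sets; extend for the environment being monitored.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Constructed process snapshot, in the shape an EDR or
# `Get-CimInstance Win32_Process` would return (pid, parent pid, image name).
PROCESSES = [
    {"pid": 4, "ppid": 0, "name": "System"},
    {"pid": 812, "ppid": 4, "name": "explorer.exe"},
    {"pid": 2210, "ppid": 812, "name": "OUTLOOK.EXE"},
    {"pid": 3050, "ppid": 812, "name": "WINWORD.EXE"},
    {"pid": 3311, "ppid": 3050, "name": "cmd.exe"},
    {"pid": 3390, "ppid": 3311, "name": "PowerShell.exe"},
    {"pid": 4100, "ppid": 812, "name": "cmd.exe"},
    {"pid": 4120, "ppid": 4100, "name": "powershell.exe"},  # user-launched shell, benign lineage
]


def lineage(procs: List[dict], pid: int, max_depth: int = 16) -> List[str]:
    """Return [process, parent, grandparent, ...] image names for pid, stopping
    at the root or at max_depth (guards against ppid cycles caused by pid reuse)."""
    by_pid: Dict[int, dict] = {p["pid"]: p for p in procs}
    chain: List[str] = []
    cur: Optional[dict] = by_pid.get(pid)
    while cur is not None and len(chain) < max_depth:
        chain.append(cur["name"].lower())
        cur = by_pid.get(cur["ppid"])
    return chain


def office_spawned_script_host(procs: List[dict]) -> List[dict]:
    """Flag every script host whose ancestry contains an Office application.

    Checking the whole chain rather than only the direct parent is what catches
    the winword.exe -> cmd.exe -> powershell.exe case in the question.
    """
    findings = []
    for p in procs:
        if p["name"].lower() not in SCRIPT_HOSTS:
            continue
        chain = lineage(procs, p["pid"])
        office = [a for a in chain[1:] if a in OFFICE_APPS]
        if office:
            findings.append({
                "pid": p["pid"],
                "chain": " <- ".join(chain),
                "office_ancestor": office[0],
            })
    return findings


if __name__ == "__main__":
    for finding in office_spawned_script_host(PROCESSES):
        print(finding)
```

On the sample snapshot this flags both cmd.exe (pid 3311) and PowerShell.exe (pid 3390) under WINWORD.EXE, and leaves the explorer-launched shell alone. In an investigation the flagged process tree, its command lines and network connections are what get captured before the host is isolated and imaged.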
