Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Pass 300-215 Exam Guide

Page: 3 / 9
Total 115 questions

Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Questions and Answers

Question 9

A cybersecurity analyst is examining a complex dataset of threat intelligence information from various sources. Among the data, they notice multiple instances of domain name resolution requests to suspicious domains known for hosting C2 servers. Simultaneously, the intrusion detection system logs indicate a series of network anomalies, including unusual port scans and attempts to exploit known vulnerabilities. The internal logs also reveal a sudden increase in outbound network traffic from a specific internal host to an external IP address located in a high-risk region. Which action should be prioritized by the organization?

Options:

A.

Threat intelligence information should be marked as false positive because unnecessary alerts impact security key performance indicators.

B.

Focus should be applied toward attempts of known vulnerability exploitation because the attacker might land and expand quickly.

C.

Organization should focus on C2 communication attempts and the sudden increase in outbound network traffic via a specific host.

D.

Data on ports being scanned should be collected and SSL decryption on Firewall enabled to capture the potentially malicious traffic.

Question 10

Drag and drop the steps from the left into the order to perform forensics analysis of infrastructure networks on the right.

Options:

Question 11

An organization experienced a sophisticated phishing attack that resulted in the compromise of confidential information from thousands of user accounts. The threat actor used a land and expand approach, where initially accessed account was used to spread emails further. The organization's cybersecurity team must conduct an in-depth root cause analysis to uncover the central factor or factors responsible for the success of the phishing attack. The very first victim of the attack was user with email 500236186@test.com. The primary objective is to formulate effective strategies for preventing similar incidents in the future. What should the cybersecurity engineer prioritize in the root cause analysis report to demonstrate the underlying cause of the incident?

Options:

A.

investigation into the specific vulnerabilities or weaknesses in the organization's email security systems that were exploited by the attackers

B.

evaluation of the organization's incident response procedures and the performance of the incident response team

C.

examination of the organization's network traffic logs to identify patterns of unusual behavior leading up to the attack

D.

comprehensive analysis of the initial user for presence of an insider who gained monetary value by allowing the attack to happen

Question 12

What is the steganography anti-forensics technique?

Options:

A.

hiding a section of a malicious file in unused areas of a file

B.

changing the file header of a malicious file to another file type

C.

sending malicious files over a public network by encapsulation

D.

concealing malicious files in ordinary or unsuspecting places

Page: 3 / 9
Total 115 questions