Selected 300-215 CyberOps Professional Questions Answers

Generic Routing Encapsulation (GRE) is a tunneling protocol used to encapsulate a wide variety of network layer protocols inside point-to-point connections. If packets encapsulated with GRE are bypassing monitoring tools, it's likely due to tunneling—where payloads are hidden within another protocol. Tunneling can obscure malicious content or lateral movement in a network and is a common method used in data exfiltration.

Process injectionis a tactic where malicious code is inserted into the memory space of another process, enabling it to run with the privileges and context of a legitimate application. The Cisco study guide explains that this method allows malware to "hide in plain sight" within trusted processes and evade endpoint detection and response (EDR) tools.

It specifically notes:"Process injection techniques allow malware to execute within the memory space of a legitimate process, avoiding detection and taking advantage of the process's permissions.".