300-215試験無料問題集（60題）「Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps 認定」

出題：1

An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered the incident and the security team's approach to address these problems to prevent a reoccurrence. Which components of the incident should an engineer analyze first for this report?

A. impact and flow

B. risk and RPN

C. motive and factors

D. cause and effect

正解：C 解答を投票する

出題：2

Refer to the exhibit.

Which two actions should be taken as a result of this information? (Choose two.)

A. Block emails sent from [email protected] with an attached pdf file with md5 hash "cf2b3ad32a8a4cfb05e9dfc45875bd70".

B. Block all emails with subject containing "cf2b3ad32a8a4cfb05e9dfc45875bd70".

C. Block all emails with pdf attachments.

D. Block all emails sent from an @state.gov address.

E. Update the AV to block any file with hash "cf2b3ad32a8a4cfb05e9dfc45875bd70".

正解：D,E 解答を投票する

出題：3

An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise but while reviewing running processes, observes that PowerShell.exe was spawned by cmd.exe with a grandparent winword.exe process. What is the recommended action the engineer should take?

A. Upload the file signature to threat intelligence tools to determine if the file is malicious.

B. Investigate the sender of the email and communicate with the employee to determine the motives.

C. Monitor processes as this a standard behavior of Word macro embedded documents.

D. Contain the threat for further analysis as this is an indication of suspicious activity.

正解：A 解答を投票する

出題：4

Refer to the exhibit.

Which type of code created the snippet?

A. VB Script

B. Python

C. PowerShell

D. Bash Script

正解：A 解答を投票する

出題：5

Which tool conducts memory analysis?

A. Volatility

B. Sysinternals Autoruns

C. Memoryze

D. MemDump

正解：A 解答を投票する

出題：6

Over the last year, an organization's HR department has accessed data from its legal department on the last day of each month to create a monthly activity report. An engineer is analyzing suspicious activity alerted by a threat intelligence platform that an authorized user in the HR department has accessed legal data daily for the last week. The engineer pulled the network data from the legal department's shared folders and discovered above average-size data dumps. Which threat actor is implied from these artifacts?

A. internal user errors

B. malicious insider

C. privilege escalation

D. external exfiltration

正解：B 解答を投票する

300-215試験無料問題集「Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps 認定」