300-215試験無料問題集（118題）「Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps 認定」

出題：1

Refer to the exhibit.

A security analyst is reviewing alerts from the SIEM system that was just implemented and notices a possible indication of an attack because the SSHD system just went live and there should be nobody using it. Which action should the analyst take to respond to the alert?

A. Immediately block the IP address 192.168.1.100 from accessing the SSHD environment.

B. Reset the admin password in SSHD to prevent unauthorized access to the system at scale.

C. Investigate the alert by checking SSH logs and correlating with other relevant data in SIEM.

D. Ignore the alert and continue monitoring for further activity because the system was just implemented.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A company had a recent data leak incident. A security engineer investigating the incident discovered that a malicious link was accessed by multiple employees. Further investigation revealed targeted phishing attack attempts on macOS systems, which led to backdoor installations and data compromise. Which two security solutions should a security engineer recommend to mitigate similar attacks in the future? (Choose two.)

A. intrusion prevention system

B. endpoint detection and response

C. data loss prevention

D. secure email gateway

E. web application firewall

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Refer to the exhibit.

What should be determined from this Apache log?

A. The SSL traffic setup is improper

B. The certificate file has been maliciously modified

C. A module named mod_ssl is needed to make SSL connections.

D. The private key does not match with the SSL certificate.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

An investigator notices that GRE packets are going undetected over the public network. What is occurring?

A. encryption

B. tunneling

C. steganography

D. decryption

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

A website administrator has an output of an FTP session that runs nightly to download and unzip files to a local staging server. The download includes thousands of files, and the manual process used to find how many files failed to download is time-consuming. The administrator is working on a PowerShell script that will parse a log file and summarize how many files were successfully downloaded versus ones that failed. Which script will read the contents of the file one line at a time and return a collection of objects?

A. Get-Content-Folder \Server\FTPFolder\Logfiles\ftpfiles.log | Show-From "ERROR", "SUCCESS"

B. Get-Content -Path \Server\FTPFolder\Logfiles\ftpfiles.log | Select-String "ERROR", "SUCCESS"

C. Get-Content -Directory \Server\FTPFolder\Logfiles\ftpfiles.log | Export-Result "ERROR",
"SUCCESS"

D. Get-Content -ifmatch \Server\FTPFolder\Logfiles\ftpfiles.log | Copy-Marked "ERROR", "SUCCESS"

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Refer to the exhibit.

An alert came with a potentially suspicious activity from a machine in HR department. Which two IOCs should the security analyst flag? (Choose two.)

A. WScript.exe acting as a parent of cmd.exe

B. cmd.exe executing from \Device\HarddiskVolume3\

C. powershell.exe used on HR machine

D. WScript.exe initiated by powershell.exe

E. cmd.exe starting powershell.exe with Base64 conversion

正解：A,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

A. Evaluate the file activity in Cisco Umbrella.

B. Analyze the registry activity section in Cisco Umbrella.

C. Evaluate the artifacts in Cisco Secure Malware Analytics.

D. Analyze the activity paths in Cisco Secure Malware Analytics.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file's behavior. Which logs should be reviewed next to evaluate this file further?

A. email security appliance

B. Antivirus solution

C. network device

D. DNS server

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Refer to the exhibit.

What does the exhibit indicate?

A. The new file is created under the Software\Classes disk folder.

B. A UAC bypass is created by modifying user-accessible registry settings.

C. The shell software is modified via PowerShell.

D. A scheduled task named "DelegateExecute" is created.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

What is an antiforensic technique to cover a digital footprint?

A. privilege escalation

B. authentication

C. authorization

D. obfuscation

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

300-215試験無料問題集「Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps 認定」