300-215試験無料問題集（118題）「Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps 認定」

出題：1

An "unknown error code" is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?

A. /var/log/syslog.log

B. /var/log/general/log

C. /var/log/vmksummary.log

D. /var/log/shell.log

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A threat actor has successfully attacked an organization and gained access to confidential files on a laptop.
What plan should the organization initiate to contain the attack and prevent it from spreading to other network devices?

A. root cause

B. attack surface

C. intrusion prevention

D. incident response

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Refer to the exhibit.

Which determination should be made by a security analyst?

A. An email was sent with an attachment named "Final Report.doc".

B. An email was sent with an attachment named "Grades.doc.exe".

C. An email was sent with an attachment named "Grades.doc".

D. An email was sent with an attachment named "Final Report.doc.exe".

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A. Evaluate the file activity in Cisco Umbrella.

B. Analyze the registry activity section in Cisco Umbrella.

C. Evaluate the artifacts in Cisco Secure Malware Analytics.

D. Analyze the activity paths in Cisco Secure Malware Analytics.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Refer to the exhibit.

What is the indicator of compromise?

A. MD5 file hash

B. indicator type: malicious-activity

C. SHA256 file hash

D. indicator ID: malware--a932fcc6-e032-476c-826f-cb970a569bce

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Refer to the exhibit.

Which element in this email is an indicator of attack?

A. content-Type: multipart/mixed

B. subject: "Service Credit Card"

C. attachment: "Card-Refund"

D. IP Address: 202.142.155.218

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

A malware outbreak revealed that a firewall was misconfigured, allowing external access to the SharePoint server. What should the security team do next?

A. Scan for and fix vulnerabilities on the firewall and server

B. Review and update all firewall rules and the network security policy

C. Harden the SharePoint server

D. Disable external IP communications on all firewalls

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Refer to the exhibit.

Which two actions should be taken based on the intelligence information? (Choose two.)

A. Block network access to all .shop domains

B. Use the DNS server to block hole all .shop requests.

C. Add a SIEM rule to alert on connections to identified domains.

D. Block network access to identified domains.

E. Route traffic from identified domains to block hole.

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A company had a recent data leak incident. A security engineer investigating the incident discovered that a malicious link was accessed by multiple employees. Further investigation revealed targeted phishing attack attempts on macOS systems, which led to backdoor installations and data compromise. Which two security solutions should a security engineer recommend to mitigate similar attacks in the future? (Choose two.)

A. intrusion prevention system

B. endpoint detection and response

C. data loss prevention

D. secure email gateway

E. web application firewall

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Refer to the exhibit.

What does the exhibit indicate?

A. The new file is created under the Software\Classes disk folder.

B. A UAC bypass is created by modifying user-accessible registry settings.

C. The shell software is modified via PowerShell.

D. A scheduled task named "DelegateExecute" is created.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

300-215試験無料問題集「Cisco Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps 認定」