Cisco 300-215 - Cisco Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies Certification Exam
Question #1 (Topic: demo questions)
What is a concern for gathering forensics evidence in public cloud environments?
Correct Answer: D
Explanation not available for this question.
Question #2 (Topic: demo questions)
A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?
Correct Answer: B
Explanation not available for this question.
Question #3 (Topic: demo questions)
What should an engineer determine from this Wireshark capture of suspicious network traffic?
Correct Answer: D
Explanation not available for this question.
Question #4 (Topic: demo questions)
Anengineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should theengineer take? (Choose two.)
Correct Answer: A, E
Explanation not available for this question.
Question #5 (Topic: demo questions)
Asecurity team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response tooksix hours due to management being unavailable to provide the approvals needed. Which two stepswill prevent these issues from occurring in the future? (Choose two.)
Correct Answer: A, E
Explanation not available for this question.