Get instant access to 300-215 Practice Tests 2021 Free Updated Today!
Welcome to download the newest PassLeader 300-215 PDF dumps ( 60 Q&As)
NEW QUESTION 20
Refer to the exhibit.
According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)
- A. Domain name:iraniansk.com
- B. filename= "Fy.exe"
- C. Server: nginx
- D. Hash value: 5f31ab113af08=1597090577
- E. Content-Type: application/octet-stream
Answer: D,E
NEW QUESTION 21
Refer to the exhibit.
An engineer is analyzing a .LNK (shortcut) file recently received as an email attachment and blocked by email security as suspicious. What is the next step an engineer should take?
- A. Quarantine the file within the endpoint antivirus solution as the file is a ransomware which will encrypt the documents of a victim.
- B. Open the file in a sandbox environment for further behavioral analysis as the file contains a malicious script that runs on execution.
- C. Upload the file to a virus checking engine to compare with well-known viruses as the file is a virus disguised as a legitimate extension.
- D. Delete the suspicious email with the attachment as the file is a shortcut extension and does not represent any threat.
Answer: B
NEW QUESTION 22
What are YARA rules based upon?
- A. HTML code
- B. IP addresses
- C. binary patterns
- D. network artifacts
Answer: C
NEW QUESTION 23
A security team receives reports of multiple files causing suspicious activity on users' workstations. The file attempted to access highly confidential information in a centralized file server. Which two actions should be taken by a security analyst to evaluate the file in a sandbox? (Choose two.)
- A. Inspect PE header.
- B. Inspect file hash.
- C. Inspect processes.
- D. Inspect registry entries
- E. Inspect file type.
Answer: B,C
Explanation:
Explanation/Reference: https://medium.com/@Flying_glasses/top-5-ways-to-detect-malicious-file-manually- d02744f7c43a
NEW QUESTION 24
What is the goal of an incident response plan?
- A. to identify critical systems and resources in an organization
- B. to contain an attack and prevent it from spreading
- C. to determine security weaknesses and recommend solutions
- D. to ensure systems are in place to prevent an attack
Answer: B
NEW QUESTION 25
Refer to the exhibit.
What should be determined from this Apache log?
- A. The certificate file has been maliciously modified
- B. The SSL traffic setup is improper
- C. The private key does not match with the SSL certificate.
- D. A module named mod_ssl is needed to make SSL connections.
Answer: B
NEW QUESTION 26
What is a concern for gathering forensics evidence in public cloud environments?
- A. Timeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.
- B. Multitenancy: Evidence gathering must avoid exposure of data from other tenants.
- C. Configuration: Implementing security zones and proper network segmentation.
- D. High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.
Answer: B
NEW QUESTION 27
An attacker embedded a macro within a word processing file opened by a user in an organization's legal department. The attacker used this technique to gain access to confidential financial dat a. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)
- A. firewall rules creation
- B. network access control
- C. signed macro requirements
- D. controlled folder access
- E. removable device restrictions
Answer: C,D
NEW QUESTION 28 
Refer to the exhibit. According to the SNORT alert, what is the attacker performing?
- A. brute-force attack against directories and files on the target webserver
- B. brute-force attack against the web application user accounts
- C. SQL injection attack against the target webserver
- D. XSS attack against the target webserver
Answer: A
Explanation:
Explanation
NEW QUESTION 29
Refer to the exhibit.
What do these artifacts indicate?
- A. A forged DNS request is forwarding users to malicious websites.
- B. A malicious file is redirecting users to different domains.
- C. An executable file is requesting an application download.
- D. The MD5 of a file is identified as a virus and is being blocked.
Answer: C
NEW QUESTION 30 
Refer to the exhibit. An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream?
- A. It is exploiting redirect vulnerability
- B. It is requesting authentication on the user site.
- C. It is redirecting to a malicious phishing website,
- D. It is sharing access to files and printers.
Answer: A
NEW QUESTION 31
What is the steganography anti-forensics technique?
- A. changing the file header of a malicious file to another file type
- B. sending malicious files over a public network by encapsulation
- C. hiding a section of a malicious file in unused areas of a file
- D. concealing malicious files in ordinary or unsuspecting places
Answer: C
Explanation:
Reference:
https://blog.eccouncil.org/6-anti-forensic-techniques-that-every-cyber-investigator-dreads/
NEW QUESTION 32
Refer to the exhibit.
Which type of code created the snippet?
- A. Bash Script
- B. VB Script
- C. PowerShell
- D. Python
Answer: B
NEW QUESTION 33
An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered the incident and the security team's approach to address these problems to prevent a reoccurrence. Which components of the incident should an engineer analyze first for this report?
- A. motive and factors
- B. cause and effect
- C. risk and RPN
- D. impact and flow
Answer: A
NEW QUESTION 34
Which magic byte indicates that an analyzed file is a pdf file?
- A. 0a0ah4cg
- B. 255044462d
- C. 0
- D. cGRmZmlsZQ
Answer: B
NEW QUESTION 35
Which tool is used for reverse engineering malware?
- A. Ghidra
- B. NMAP
- C. Wireshark
- D. SNORT
Answer: A
Explanation:
Explanation/Reference: https://www.nsa.gov/resources/everyone/ghidra/#:~:text=Ghidra%20is%20a%20software%
20reverse,in%20their%20networks%20and%20systems.
NEW QUESTION 36
A security team received an alert of suspicious activity on a user's Internet browser. The user's anti-virus software indicated that the file attempted to create a fake recycle bin folder and connect to an external IP address. Which two actions should be taken by the security analyst with the executable file for further analysis? (Choose two.)
- A. Evaluate the behavioral indicators in Cisco Secure Malware Analytics (Threat Grid).
- B. Analyze the TCP/IP Streams in Cisco Secure Malware Analytics (Threat Grid).
- C. Evaluate the process activity in Cisco Umbrella.
- D. Analyze the Magic File type in Cisco Umbrella.
- E. Network Exit Localization in Cisco Secure Malware Analytics (Threat Grid).
Answer: A,B
NEW QUESTION 37
What is the function of a disassembler?
- A. aids transforming symbolic language into machine code
- B. aids performing static malware analysis
- C. aids viewing and changing the running state
- D. aids defining breakpoints in program execution
Answer: B
Explanation:
Reference:
+analysis&hl=en&as_sdt=0&as_vis=1&oi=scholart
NEW QUESTION 38
A website administrator has an output of an FTP session that runs nightly to download and unzip files to a local staging server. The download includes thousands of files, and the manual process used to find how many files failed to download is time-consuming. The administrator is working on a PowerShell script that will parse a log file and summarize how many files were successfully downloaded versus ones that failed. Which script will read the contents of the file one line at a time and return a collection of objects?
- A. Get-Content-Folder \\Server\FTPFolder\Logfiles\ftpfiles.log | Show-From "ERROR", "SUCCESS"
- B. Get-Content -Path \\Server\FTPFolder\Logfiles\ftpfiles.log | Select-String "ERROR", "SUCCESS"
- C. Get-Content -Directory \\Server\FTPFolder\Logfiles\ftpfiles.log | Export-Result "ERROR", "SUCCESS"
- D. Get-Content -ifmatch \\Server\FTPFolder\Logfiles\ftpfiles.log | Copy-Marked "ERROR", "SUCCESS"
Answer: B
NEW QUESTION 39
......
Aug-2021 Latest PassReview 300-215 Exam Dumps with PDF and Exam Engine: https://www.passreview.com/300-215_exam-braindumps.html
Premium Quality Cisco 300-215 Online dumps: https://drive.google.com/open?id=1kgguFNJOwMQX4DBTINGskqi5RN8Q18ij