Get instant access to 300-215 Practice Tests 2021 Free Updated Today! [Q20-Q39]

Share

Get instant access to 300-215 Practice Tests 2021 Free Updated Today!

Welcome to download the newest PassLeader 300-215 PDF dumps ( 60  Q&As)

NEW QUESTION 20
Refer to the exhibit.

According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)

  • A. Domain name:iraniansk.com
  • B. filename= "Fy.exe"
  • C. Server: nginx
  • D. Hash value: 5f31ab113af08=1597090577
  • E. Content-Type: application/octet-stream

Answer: D,E

 

NEW QUESTION 21
Refer to the exhibit.

An engineer is analyzing a .LNK (shortcut) file recently received as an email attachment and blocked by email security as suspicious. What is the next step an engineer should take?

  • A. Quarantine the file within the endpoint antivirus solution as the file is a ransomware which will encrypt the documents of a victim.
  • B. Open the file in a sandbox environment for further behavioral analysis as the file contains a malicious script that runs on execution.
  • C. Upload the file to a virus checking engine to compare with well-known viruses as the file is a virus disguised as a legitimate extension.
  • D. Delete the suspicious email with the attachment as the file is a shortcut extension and does not represent any threat.

Answer: B

 

NEW QUESTION 22
What are YARA rules based upon?

  • A. HTML code
  • B. IP addresses
  • C. binary patterns
  • D. network artifacts

Answer: C

 

NEW QUESTION 23
A security team receives reports of multiple files causing suspicious activity on users' workstations. The file attempted to access highly confidential information in a centralized file server. Which two actions should be taken by a security analyst to evaluate the file in a sandbox? (Choose two.)

  • A. Inspect PE header.
  • B. Inspect file hash.
  • C. Inspect processes.
  • D. Inspect registry entries
  • E. Inspect file type.

Answer: B,C

Explanation:
Explanation/Reference: https://medium.com/@Flying_glasses/top-5-ways-to-detect-malicious-file-manually- d02744f7c43a

 

NEW QUESTION 24
What is the goal of an incident response plan?

  • A. to identify critical systems and resources in an organization
  • B. to contain an attack and prevent it from spreading
  • C. to determine security weaknesses and recommend solutions
  • D. to ensure systems are in place to prevent an attack

Answer: B

 

NEW QUESTION 25
Refer to the exhibit.

What should be determined from this Apache log?

  • A. The certificate file has been maliciously modified
  • B. The SSL traffic setup is improper
  • C. The private key does not match with the SSL certificate.
  • D. A module named mod_ssl is needed to make SSL connections.

Answer: B

 

NEW QUESTION 26
What is a concern for gathering forensics evidence in public cloud environments?

  • A. Timeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.
  • B. Multitenancy: Evidence gathering must avoid exposure of data from other tenants.
  • C. Configuration: Implementing security zones and proper network segmentation.
  • D. High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.

Answer: B

 

NEW QUESTION 27
An attacker embedded a macro within a word processing file opened by a user in an organization's legal department. The attacker used this technique to gain access to confidential financial dat a. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)

  • A. firewall rules creation
  • B. network access control
  • C. signed macro requirements
  • D. controlled folder access
  • E. removable device restrictions

Answer: C,D

 

NEW QUESTION 28

Refer to the exhibit. According to the SNORT alert, what is the attacker performing?

  • A. brute-force attack against directories and files on the target webserver
  • B. brute-force attack against the web application user accounts
  • C. SQL injection attack against the target webserver
  • D. XSS attack against the target webserver

Answer: A

Explanation:
Explanation

 

NEW QUESTION 29
Refer to the exhibit.

What do these artifacts indicate?

  • A. A forged DNS request is forwarding users to malicious websites.
  • B. A malicious file is redirecting users to different domains.
  • C. An executable file is requesting an application download.
  • D. The MD5 of a file is identified as a virus and is being blocked.

Answer: C

 

NEW QUESTION 30

Refer to the exhibit. An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream?

  • A. It is exploiting redirect vulnerability
  • B. It is requesting authentication on the user site.
  • C. It is redirecting to a malicious phishing website,
  • D. It is sharing access to files and printers.

Answer: A

 

NEW QUESTION 31
What is the steganography anti-forensics technique?

  • A. changing the file header of a malicious file to another file type
  • B. sending malicious files over a public network by encapsulation
  • C. hiding a section of a malicious file in unused areas of a file
  • D. concealing malicious files in ordinary or unsuspecting places

Answer: C

Explanation:
Reference:
https://blog.eccouncil.org/6-anti-forensic-techniques-that-every-cyber-investigator-dreads/

 

NEW QUESTION 32
Refer to the exhibit.

Which type of code created the snippet?

  • A. Bash Script
  • B. VB Script
  • C. PowerShell
  • D. Python

Answer: B

 

NEW QUESTION 33
An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered the incident and the security team's approach to address these problems to prevent a reoccurrence. Which components of the incident should an engineer analyze first for this report?

  • A. motive and factors
  • B. cause and effect
  • C. risk and RPN
  • D. impact and flow

Answer: A

 

NEW QUESTION 34
Which magic byte indicates that an analyzed file is a pdf file?

  • A. 0a0ah4cg
  • B. 255044462d
  • C. 0
  • D. cGRmZmlsZQ

Answer: B

 

NEW QUESTION 35
Which tool is used for reverse engineering malware?

  • A. Ghidra
  • B. NMAP
  • C. Wireshark
  • D. SNORT

Answer: A

Explanation:
Explanation/Reference: https://www.nsa.gov/resources/everyone/ghidra/#:~:text=Ghidra%20is%20a%20software%
20reverse,in%20their%20networks%20and%20systems.

 

NEW QUESTION 36
A security team received an alert of suspicious activity on a user's Internet browser. The user's anti-virus software indicated that the file attempted to create a fake recycle bin folder and connect to an external IP address. Which two actions should be taken by the security analyst with the executable file for further analysis? (Choose two.)

  • A. Evaluate the behavioral indicators in Cisco Secure Malware Analytics (Threat Grid).
  • B. Analyze the TCP/IP Streams in Cisco Secure Malware Analytics (Threat Grid).
  • C. Evaluate the process activity in Cisco Umbrella.
  • D. Analyze the Magic File type in Cisco Umbrella.
  • E. Network Exit Localization in Cisco Secure Malware Analytics (Threat Grid).

Answer: A,B

 

NEW QUESTION 37
What is the function of a disassembler?

  • A. aids transforming symbolic language into machine code
  • B. aids performing static malware analysis
  • C. aids viewing and changing the running state
  • D. aids defining breakpoints in program execution

Answer: B

Explanation:
Reference:
+analysis&hl=en&as_sdt=0&as_vis=1&oi=scholart

 

NEW QUESTION 38
A website administrator has an output of an FTP session that runs nightly to download and unzip files to a local staging server. The download includes thousands of files, and the manual process used to find how many files failed to download is time-consuming. The administrator is working on a PowerShell script that will parse a log file and summarize how many files were successfully downloaded versus ones that failed. Which script will read the contents of the file one line at a time and return a collection of objects?

  • A. Get-Content-Folder \\Server\FTPFolder\Logfiles\ftpfiles.log | Show-From "ERROR", "SUCCESS"
  • B. Get-Content -Path \\Server\FTPFolder\Logfiles\ftpfiles.log | Select-String "ERROR", "SUCCESS"
  • C. Get-Content -Directory \\Server\FTPFolder\Logfiles\ftpfiles.log | Export-Result "ERROR", "SUCCESS"
  • D. Get-Content -ifmatch \\Server\FTPFolder\Logfiles\ftpfiles.log | Copy-Marked "ERROR", "SUCCESS"

Answer: B

 

NEW QUESTION 39
......

Aug-2021 Latest PassReview 300-215 Exam Dumps with PDF and Exam Engine: https://www.passreview.com/300-215_exam-braindumps.html

Premium Quality Cisco 300-215 Online dumps: https://drive.google.com/open?id=1kgguFNJOwMQX4DBTINGskqi5RN8Q18ij