Free Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Exam 300-215 Exam Practice Test
300-215 Exam Features
For just $59 you get access to:
- All official question types
- Interactive web-based practice test software
- No installation or third-party software required
- Customizable practice sessions (free demo)
- 24/7 customer support
Total Questions: 59
A network host is infected with malware by an attacker who uses the host to make calls for files and shuttle traffic to bots. This attack went undetected and resulted in a significant loss. The organization wants to ensure this does not happen in the future and needs a security solution that will generate alerts when command and control communication from an infected device is detected. Which network security solution should be recommended?
A. Cisco Secure Firewall ASA
B. Cisco Secure Firewall Threat Defense (Firepower)
C. Cisco Secure Email Gateway (ESA)
D. Cisco Secure Web Appliance (WSA)
Answer: B
Which tool conducts memory analysis?
A. MemDump
B. Sysinternals Autoruns
C. Volatility
D. Memoryze
Answer: C
A security team receives reports of multiple files causing suspicious activity on users' workstations. The file attempted to access highly confidential information in a centralized file server. Which two actions should be taken by a security analyst to evaluate the file in a sandbox? (Choose two.)
A. Inspect registry entries.
B. Inspect processes.
C. Inspect file hash.
D. Inspect file type.
E. Inspect PE header.
Answer: B, C
An "unknown error code" is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?
A. /var/log/syslog.log
B. /var/log/vmksummary.log
C. var/log/shell.log
D. var/log/general/log
Answer: A
Over the last year, an organization's HR department has accessed data from its legal department on the last day of each month to create a monthly activity report. An engineer is analyzing suspicious activity alerted by a threat intelligence platform: an authorized user in the HR department has accessed legal data daily for the last week. The engineer pulled the network data from the legal department's shared folders and discovered above-average-size data dumps. Which threat actor is implied from these artifacts?
A. privilege escalation
B. internal user errors
C. malicious insider
D. external exfiltration
Answer: C
What is the transmogrify anti-forensics technique?
A. hiding a section of a malicious file in unused areas of a file
B. sending malicious files over a public network by encapsulation
C. concealing malicious files in ordinary or unsuspecting places
D. changing the file header of a malicious file to another file type
Answer: D
Which information about the object file is provided by the "-h" option in the objdump command line objdump -b oasys -m vax -h fu.o?
A. bfdname
B. debugging
C. help
D. headers
Answer: D
An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)
A. Restore to a system recovery point.
B. Replace the faulty CPU.
C. Disconnect from the network.
D. Format the workstation drives.
E. Take an image of the workstation.
Answer: A, E
An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise but, while reviewing running processes, observes that PowerShell.exe was spawned by cmd.exe with a grandparent winword.exe process. What is the recommended action the engineer should take?
A. Upload the file signature to threat intelligence tools to determine if the file is malicious.
B. Monitor processes, as this is a standard behavior of Word documents with embedded macros.
C. Contain the threat for further analysis, as this is an indication of suspicious activity.
D. Investigate the sender of the email and communicate with the employee to determine the motives.
Answer: A
Refer to the exhibit.

    function decrypt(crypted, key)
    On Error Resume Next
    UUf = crypted
    sJs = ""
    wWLu = ""
    FETw = 1
    ' Walk the input one character at a time; runs of ASCII digits (48-57)
    ' are collected into sJs, and each completed number is XORed with the key
    ' and appended to the output as a character.
    for i = 1 to len(UUf)
        if (asc(mid(UUf, i, 1)) > 47 and asc(mid(UUf, i, 1)) < 58) then
            sJs = sJs + mid(UUf, i, 1)
            FETw = 1
        else
            if FETw = 1 then
                NEL = CInt(sJs)
                VIxJ = XOR_Func(NEL, key)
                wWLu = wWLu + Chr(VIxJ)
            end if
            sJs = ""
            FETw = 0
        end if
        ' Junk statement on undefined variables; harmless under On Error Resume Next.
        vkB = bEBk or CFc
    next
    decrypt = wWLu
    end function

    function XOR_Func(qit, ANF)
    On Error Resume Next
    sCLx = qit xor ANF
    XOR_Func = sCLx
    end function

Which type of code created the snippet?
A. VBScript
B. Python
C. PowerShell
D. Bash Script
Answer: A