Question No. 1

A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)

AIntroduce a priority rating for incident response workloads.

BProvide phishing awareness training for the fill security team.

CConduct a risk audit of the incident response workflow.

DCreate an executive team delegation plan.

EAutomate security alert timeframes with escalation triggers.

Show Answer

Correct Answer: A, E

Question No. 2

An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)

ARestore to a system recovery point.

BReplace the faulty CPU.

CDisconnect from the network.

DFormat the workstation drives.

ETake an image of the workstation.

Show Answer

Correct Answer: A, E

Question No. 3

Refer to the exhibit.

What should an engineer determine from this Wireshark capture of suspicious network traffic?

AThere are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.

BThere are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.

CThere are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.

DThere are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to-MAC address mappings as a countermeasure.

Show Answer

Correct Answer: A

Question No. 4

Refer to the exhibit.

A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?

Ahttp.request.un matches

Btls.handshake.type ==1

Ctcp.port eq 25

Dtcp.window_size ==0

Show Answer

Correct Answer: B

https://www.malware-traffic-analysis.net/2018/11/08/index.html https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/

Question No. 5

What is a concern for gathering forensics evidence in public cloud environments?

AHigh Cost: Cloud service providers typically charge high fees for allowing cloud forensics.

BConfiguration: Implementing security zones and proper network segmentation.

CTimeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.

DMultitenancy: Evidence gathering must avoid exposure of data from other tenants.

Show Answer

Correct Answer: D

Free Cisco 300-215 Exam Actual Questions

The questions for 300-215 were last updated On May 3, 2024