Exam Logo

Cisco (300-215-CBRFIR) Exam Questions And Answers page 1

Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console?
Network Forensics Host Forensics

Refer to the exhibit. Which element in this email is an indicator of attack?
Introduction to Forensic Analysis and Incident Response Malware Analysis
An attacker embedded a macro within a word processing file opened by a user in an organization s legal department. The attacker used this technique to gain access to confidential financial data. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)
Network Forensics Malware Analysis
A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)
Introduction to Forensic Analysis and Incident Response Incident Response
What is a concern for gathering forensics evidence in public cloud environments?
Introduction to Forensic Analysis and Incident Response Incident Response

Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?
Network Forensics Malware Analysis
Over the last year, an organization s HR department has accessed data from its legal department on the last day of each month to create a monthly activity report. An engineer is analyzing suspicious activity alerted by a threat intelligence platform that an authorized user in the HR department has accessed legal data daily for the last week. The engineer pulled the network data from the legal department s shared folders and discovered above average-size data dumps. Which threat actor is implied from these artifacts?
Introduction to Forensic Analysis and Incident Response Network Forensics

Refer to the exhibit. According to the SNORT alert, what is the attacker performing?
Introduction to Forensic Analysis and Incident Response Incident Response

Refer to the exhibit. What is the IOC threat and URL in this STIX JSON snippet?
Introduction to Forensic Analysis and Incident Response Incident Response

Refer to the exhibit. An engineer is analyzing a .LNK (shortcut) file recently received as an email attachment and blocked by email security as suspicious. What is the next step an engineer should take?
Network Forensics Malware Analysis