Exam Logo

Cisco (300-215-CBRFIR) Exam Questions And Answers page 5

Which tool is used for reverse engineering malware?
Malware Analysis Incident Response

Refer to the exhibit. Which encoding technique is represented by this HEX string?
Network Forensics Malware Analysis

Refer to the exhibit. Which two actions should be taken based on the intelligence information? (Choose two.)
Introduction to Forensic Analysis and Incident Response Incident Response
A website administrator has an output of an FTP session that runs nightly to download and unzip files to a local staging server. The download includes thousands of files, and the manual process used to find how many files failed to download is time-consuming. The administrator is working on a PowerShell script that will parse a log file and summarize how many files were successfully downloaded versus ones that failed. Which script will read the contents of the file one line at a time and return a collection of objects?
Introduction to Forensic Analysis and Incident Response Host Forensics
An employee receives an email from a trusted person containing a hyperlink that is malvertising. The employee clicks the link and the malware downloads. An information analyst observes an alert at the SIEM and engages the cybersecurity team to conduct an analysis of this incident in accordance with the incident response plan. Which event detail should be included in this root cause analysis?
Introduction to Forensic Analysis and Incident Response Incident Response
A security team received reports of users receiving emails linked to external or unknown URLs that are non-returnable and non-deliverable. The ISP also reported a 500% increase in the amount of ingress and egress email traffic received. After detecting the problem, the security team moves to the recovery phase in their incident response plan. Which two actions should be taken in the recovery phase of this incident? (Choose two.)
Introduction to Forensic Analysis and Incident Response Incident Response

Refer to the exhibit. An employee notices unexpected changes and setting modifications on their workstation and creates an incident ticket. A support specialist checks processes and services but does not identify anything suspicious. The ticket was escalated to an analyst who reviewed this event log and also discovered that the workstation had multiple large data dumps on network shares. What should be determined from this information?
Introduction to Forensic Analysis and Incident Response Incident Response

Refer to the exhibit. According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)
Network Forensics Malware Analysis

Refer to the exhibit. What should be determined from this Apache log?
Introduction to Forensic Analysis and Incident Response Incident Response

Refer to the exhibit. Which two actions should be taken as a result of this information? (Choose two.)
Introduction to Forensic Analysis and Incident Response Incident Response