Cisco 300-215 - Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Exam

Question #6 (Topic: Single Topic)
Which script will search a log file for the IP address 192.168.100.100, create an output file named parsed_host.log, and print the results to the console?
A.

B.

C.

D.

Answer: A
Question #7 (Topic: Single Topic)
What is the transmogrify anti-forensics technique?
A. hiding a section of a malicious file in unused areas of a file
B. sending malicious files over a public network by encapsulation
C. concealing malicious files in ordinary or unsuspecting places
D. changing the file header of a malicious file to another file type
Answer: D
Question #8 (Topic: Single Topic)
What is the steganography anti-forensics technique?
A. hiding a section of a malicious file in unused areas of a file
B. changing the file header of a malicious file to another file type
C. sending malicious files over a public network by encapsulation
D. concealing malicious files in ordinary or unsuspecting places
Answer: A
Question #9 (Topic: Single Topic)
A security team receives reports of multiple files causing suspicious activity on users' workstations. The files attempted to access highly confidential information on a centralized file server. Which two actions should be taken by a security analyst to evaluate the file in a sandbox? (Choose two.)
A. Inspect registry entries.
B. Inspect processes.
C. Inspect file hash.
D. Inspect file type.
E. Inspect PE header.
Answer: BC
Question #10 (Topic: Single Topic)

Refer to the exhibit. An engineer is analyzing a .LNK (shortcut) file recently received as an email attachment and blocked by email security as suspicious. What is the next step the engineer should take?
A. Delete the suspicious email with the attachment, as the file is a shortcut extension and does not represent any threat.
B. Upload the file to a virus-checking engine to compare it with well-known viruses, as the file is a virus disguised as a legitimate extension.
C. Quarantine the file within the endpoint antivirus solution, as the file is ransomware that will encrypt the documents of a victim.
D. Open the file in a sandbox environment for further behavioral analysis, as the file contains a malicious script that runs on execution.
Answer: D
Total 59 questions