Cisco 300-215 Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies CBRFIR Exam Practice Test

Page: 1 / 14
Total 59 questions

Question 1

Refer to the exhibit.

An HR department submitted a ticket to the IT helpdesk indicating slow performance on an internal share server. The helpdesk engineer checked the server with a real-time monitoring tool and did not notice anything suspicious. After checking the event logs, the engineer noticed an event that occurred 48 hour prior. Which two indicators of compromise should be determined from this information? (Choose two.)



Answer : A, D

Question 2

Which magic byte indicates that an analyzed file is a pdf file?



Answer : C

Question 3

An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?



Answer : D

Question 4

Refer to the exhibit.

What do these artifacts indicate?



Answer : A

Question 5

Refer to the exhibit.

According to the SNORT alert, what is the attacker performing?



Answer : C

Page:    1 / 14   
Total 59 questions