Cisco 300-215 CBRFIR Exam Practice Test Instant Access

Question 1

An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered the incident and the security team's approach to address these problems to prevent a reoccurrence. Which components of the incident should an engineer analyze first for this report?

Aimpact and flow

Bcause and effect

Crisk and RPN

Dmotive and factors

Answer : D

Question 2

Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?

Aprocess injection

Bprivilege escalation

CGPO modification

Dtoken manipulation

Answer : A

Question 3

A threat actor attempts to avoid detection by turning data into a code that shifts numbers to the right four times. Which anti-forensics technique is being used?

Aencryption

Btunneling

Cobfuscation

Dpoisoning

Answer : C

#:~:text=Obfuscation%20of%20character%20strings%20is,data%20when%20the%20code%20executes.

Question 4

Which information is provided bout the object file by the ''-h'' option in the objdump line command objdump --b oasys --m vax --h fu.o?

Abfdname

Bdebugging

Chelp

Dheaders

Answer : D

Question 5

An incident response team is recommending changes after analyzing a recent compromise in which:

a large number of events and logs were involved;

team members were not able to identify the anomalous behavior and escalate it in a timely manner;

several network systems were affected as a result of the latency in detection;

security engineers were able to mitigate the threat and bring systems back to a stable state; and

the issue reoccurred shortly after and systems became unstable again because the correct information was not gathered during the initial identification phase.

Which two recommendations should be made for improving the incident response process? (Choose two.)

AFormalize reporting requirements and responsibilities to update management and internal stakeholders throughout the incident-handling process effectively.

BImprove the mitigation phase to ensure causes can be quickly identified, and systems returned to a functioning state.

CImplement an automated operation to pull systems events/logs and bring them into an organizational context.

DAllocate additional resources for the containment phase to stabilize systems in a timely manner and reduce an attack's breadth.

EModify the incident handling playbook and checklist to ensure alignment and agreement on roles, responsibilities, and steps before an incident occurs.

Answer : C, E

Question 6

A security team received an alert of suspicious activity on a user's Internet browser. The user's anti-virus software indicated that the file attempted to create a fake recycle bin folder and connect to an external IP address. Which two actions should be taken by the security analyst with the executable file for further analysis? (Choose two.)

AEvaluate the process activity in Cisco Umbrella.

BAnalyze the TCP/IP Streams in Cisco Secure Malware Analytics (Threat Grid).

CEvaluate the behavioral indicators in Cisco Secure Malware Analytics (Threat Grid).

DAnalyze the Magic File type in Cisco Umbrella.

ENetwork Exit Localization in Cisco Secure Malware Analytics (Threat Grid).

Answer : B, C

Question 7

What is the goal of an incident response plan?

Ato identify critical systems and resources in an organization

Bto ensure systems are in place to prevent an attack

Cto determine security weaknesses and recommend solutions

Dto contain an attack and prevent it from spreading

Answer : D

Cisco 300-215 Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies CBRFIR Exam Practice Test