February/2023 Latest Braindump2go 300-215 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 300-215 Real Exam Questions!
QUESTION 1
Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?
A. process injection
B. privilege escalation
C. GPO modification++g/
D. token manipulation
Answer: A
QUESTION 2
Refer to the exhibit. An HR department submitted a ticket to the IT helpdesk indicating slow performance on an internal share server. The helpdesk engineer checked the server with a real-time monitoring tool and did not notice anything suspicious. After checking the event logs, the engineer noticed an event that occurred 48 hour prior. Which two indicators of compromise should be determined from this information? (Choose two.)
A. unauthorized system modification
B. privilege escalation
C. denial of service attack
D. compromised root access
E. malware outbreak
Answer: AD
QUESTION 3
Which magic byte indicates that an analyzed file is a pdf file?
A. cGRmZmlsZQ
B. 706466666
C. 255044462d
D. 0a0ah4cg
Answer: C
QUESTION 4
An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?
A. An engineer should check the list of usernames currently logged in by running the command $ who | cut d’ ` -f1| sort | uniq
B. An engineer should check the server’s processes by running commands ps -aux and sudo ps -a.
C. An engineer should check the services on the machine by running the command service -status-all.
D. An engineer should check the last hundred entries of a web server with the command sudo tail -100 / var/log/apache2/access.log.
Answer: D
QUESTION 5
Refer to the exhibit. What do these artifacts indicate?
A. An executable file is requesting an application download.
B. A malicious file is redirecting users to different domains.
C. The MD5 of a file is identified as a virus and is being blocked.
D. A forged DNS request is forwarding users to malicious websites.
Answer: A
QUESTION 6
Refer to the exhibit. According to the SNORT alert, what is the attacker performing?
A. brute-force attack against the web application user accounts
B. XSS attack against the target webserver
C. brute-force attack against directories and files on the target webserver
D. SQL injection attack against the target webserver
Answer: C
QUESTION 7
Refer to the exhibit. Which type of code created the snippet?
A. VB Script
B. Python
C. PowerShell
D. Bash Script
Answer: A
QUESTION 8
Refer to the exhibit. A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of event?
A. DNS spoofing; encrypt communication protocols
B. SYN flooding, block malicious packets
C. ARP spoofing; configure port security
D. MAC flooding; assign static entries
Answer: C
QUESTION 9
Refer to the exhibit. Which two actions should be taken as a result of this information? (Choose two.)
A. Update the AV to block any file with hash “cf2b3ad32a8a4cfb05e9dfc45875bd70”.
B. Block all emails sent from an @state.gov address.
C. Block all emails with pdf attachments.
D. Block emails sent from [email protected] with an attached pdf file with md5 hash “cf2b3ad32a8a4cfb05e9dfc45875bd70”.
E. Block all emails with subject containing “cf2b3ad32a8a4cfb05e9dfc45875bd70”.
Answer: AB
QUESTION 10
Refer to the exhibit. What should be determined from this Apache log?
A. A module named mod_ssl is needed to make SSL connections.
B. The private key does not match with the SSL certificate.
C. The certificate file has been maliciously modified
D. The SSL traffic setup is improper
Answer: D
QUESTION 11
Which tool is used for reverse engineering malware?
A. Ghidra
B. SNORT
C. Wireshark
D. NMAP
Answer: A
QUESTION 12
A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file’s behavior. Which logs should be reviewed next to evaluate this file further?
A. email security appliance
B. DNS server
C. Antivirus solution
D. network device
Answer: B
QUESTION 13
What are YARA rules based upon?
A. binary patterns
B. HTML code
C. network artifacts
D. IP addresses
Answer: A
QUESTION 14
Refer to the exhibit. According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)
A. Domain name:iraniansk.com
B. Server: nginx
C. Hash value: 5f31ab113af08=1597090577
D. filename= “Fy.exe”
E. Content-Type: application/octet-stream
Answer: CE
QUESTION 15
Refer to the exhibit. Which determination should be made by a security analyst?
A. An email was sent with an attachment named “Grades.doc.exe”.
B. An email was sent with an attachment named “Grades.doc”.
C. An email was sent with an attachment named “Final Report.doc”.
D. An email was sent with an attachment named “Final Report.doc.exe”.
Answer: D
QUESTION 16
A security team received reports of users receiving emails linked to external or unknown URLs that are non-returnable and non-deliverable. The ISP also reported a 500% increase in the amount of ingress and egress email traffic received. After detecting the problem, the security team moves to the recovery phase in their incident response plan. Which two actions should be taken in the recovery phase of this incident? (Choose two.)
A. verify the breadth of the attack
B. collect logs
C. request packet capture
D. remove vulnerabilities
E. scan hosts with updated signatures
Answer: DE
QUESTION 17
An organization uses a Windows 7 workstation for access tracking in one of their physical data centers on which a guard documents entrance/exit activities of all personnel. A server shut down unexpectedly in this data center, and a security specialist is analyzing the case. Initial checks show that the previous two days of entrance/exit logs are missing, and the guard is confident that the logs were entered on the workstation. Where should the security specialist look next to continue investigating this case?
A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList
C. HKEY_CURRENT_USER\Software\Classes\Winlog
D. HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\WindowsNT\CurrentUser
Answer: A
QUESTION 18
An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise but while reviewing running processes, observes that PowerShell.exe was spawned by cmd.exe with a grandparent winword.exe process. What is the recommended action the engineer should take?
A. Upload the file signature to threat intelligence tools to determine if the file is malicious.
B. Monitor processes as this a standard behavior of Word macro embedded documents.
C. Contain the threat for further analysis as this is an indication of suspicious activity.
D. Investigate the sender of the email and communicate with the employee to determine the motives.
Answer: A
QUESTION 19
An engineer is analyzing a ticket for an unexpected server shutdown and discovers that the web-server ran out of useable memory and crashed.
Which data is needed for further investigation?
A. /var/log/access.log
B. /var/log/messages.log
C. /var/log/httpd/messages.log
D. /var/log/httpd/access.log
Answer: B
QUESTION 20
Refer to the exhibit. An employee notices unexpected changes and setting modifications on their workstation and creates an incident ticket. A support specialist checks processes and services but does not identify anything suspicious. The ticket was escalated to an analyst who reviewed this event log and also discovered that the workstation had multiple large data dumps on network shares. What should be determined from this information?
A. data obfuscation
B. reconnaissance attack
C. brute-force attack
D. log tampering
Answer: B
QUESTION 21
Refer to the exhibit. A company that uses only the Unix platform implemented an intrusion detection system. After the initial configuration, the number of alerts is overwhelming, and an engineer needs to analyze and classify the alerts. The highest number of alerts were generated from the signature shown in the exhibit. Which classification should the engineer assign to this event?
A. True Negative alert
B. False Negative alert
C. False Positive alert
D. True Positive alert
Answer: C
QUESTION 22
Refer to the exhibit. After a cyber attack, an engineer is analyzing an alert that was missed on the intrusion detection system. The attack exploited a vulnerability in a business critical, web-based application and violated its availability. Which two migration techniques should the engineer recommend? (Choose two.)
A. encapsulation
B. NOP sled technique
C. address space randomization
D. heap-based security
E. data execution prevention
Answer: CE
QUESTION 23
An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered the incident and the security team’s approach to address these problems to prevent a reoccurrence. Which components of the incident should an engineer analyze first for this report?
A. impact and flow
B. cause and effect
C. risk and RPN
D. motive and factors
Answer: D
QUESTION 24
Drag and Drop Question
Drag and drop the cloud characteristic from the left onto the challenges presented for gathering evidence on the right.
Answer:
QUESTION 25
Drag and Drop Question
Drag and drop the steps from the left into the order to perform forensics analysis of infrastructure networks on the right.
Answer:
QUESTION 26
Drag and Drop Question
Drag and drop the capabilities on the left onto the Cisco security solutions on the right.
Answer:
QUESTION 27
A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed.
Which two steps will prevent these issues from occurring in the future? (Choose two.)
A. Introduce a priority rating for incident response workloads.
B. Provide phishing awareness training for the fill security team.
C. Conduct a risk audit of the incident response workflow.
D. Create an executive team delegation plan.
E. Automate security alert timeframes with escalation triggers.
Answer: AE
QUESTION 28
An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)
A. Restore to a system recovery point.
B. Replace the faulty CPU.
C. Disconnect from the network.
D. Format the workstation drives.
E. Take an image of the workstation.
Answer: AE
QUESTION 29
Refer to the exhibit. What should an engineer determine from this Wireshark capture of suspicious network traffic?
A. There are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.
B. There are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.
C. There are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.
D. There are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to- MAC address mappings as a countermeasure.
Answer: A
QUESTION 30
Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?
A. http.request.un matches
B. tls.handshake.type ==1
C. tcp.port eq 25
D. tcp.window_size ==0
Answer: B
QUESTION 31
What is a concern for gathering forensics evidence in public cloud environments?
A. High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.
B. Configuration: Implementing security zones and proper network segmentation.
C. Timeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.
D. Multitenancy: Evidence gathering must avoid exposure of data from other tenants.
Answer: D
Resources From:
1.2023 Latest Braindump2go 300-215 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/300-215.html
2.2023 Latest Braindump2go 300-215 PDF and 300-215 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1a0_XVjCCLFVprs3-rwfVFA53-FP7NhkV?usp=share_link
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!