Free Practice Questions for Cisco 300-215 Exam

An organization uses a Windows 7 workstation for access tracking in one of their physical data centers on which a guard documents entrance/exit activities of all personnel. A server shut down unexpectedly in this data center, and a security specialist is analyzing the case. Initial checks show that the previous two days of entrance/exit logs are missing, and the guard is confident that the logs were entered on the workstation. Where should the security specialist look next to continue investigating this case?A . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\WinlogonB . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileListC . HKEY_CURRENT_USER\Software\Classes\WinlogD . HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\WindowsNT\CurrentUser

Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?A . process injectionB . privilege escalationC . GPO modificationD . token manipulation

Which tool is used for reverse engineering malware?A . GhidraB . SNORTC . WiresharkD . NMAP

A security team detected an above-average amount of inbound tcp/135 connection attempts from unidentified senders. The security team is responding based on their incident response playbook. Which two elements are part of the eradication phase for this incident? (Choose two.)A . anti-malware softwareB . data and workload isolationC . centralized user managementD . intrusion prevention systemE . enterprise block listing solution

An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)A . Restore to a system recovery point.B . Replace the faulty CPU.C . Disconnect from the network.D . Format the workstation drives.E . Take an image of the workstation.

A security team received reports of users receiving emails linked to external or unknown URLs that are non- returnable and non-deliverable. The ISP also reported a 500% increase in the amount of ingress and egress email traffic received. After detecting the problem, the security team moves to the recovery phase in their incident response plan. Which two actions should be taken in the recovery phase of this incident? (Choose two.)A . verify the breadth of the attackB . collect logsC . request packet captureD . remove vulnerabilitiesE . scan hosts with updated signatures

An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?A . An engineer should check the list of usernames currently logged in by running the command $ who | cut -- d' ' -f1| sort | uniqB . An engineer should check the server's processes by running commands ps -aux and sudo ps -a.C . An engineer should check the services on the machine by running the command service -status-all.D . An engineer should check the last hundred entries of a web server with the command sudo tail -100/var/ log/apache2/access.log.

Which magic byte indicates that an analyzed file is a pdf file?A . cGRmZmlsZQ B. 706466666C . 255044462dD . 0a0ah4cg

An engineer is analyzing a ticket for an unexpected server shutdown and discovers that the web-server ran out of useable memory and crashed.Which data is needed for further investigation?A . /var/log/access.logB . /var/log/messages.logC . /var/log/httpd/messages.logD . /var/log/httpd/access.log

A network host is infected with malware by an attacker who uses the host to make calls for files and shuttle traffic to bots. This attack went undetected and resulted in a significant loss. The organization wants to ensure this does not happen in the future and needs a security solution that will generate alerts when command and control communication from an infected device is detected. Which network security solution should be recommended?A . Cisco Secure Firewall ASAB . Cisco Secure Firewall Threat Defense (Firepower)C . Cisco Secure Email Gateway (ESA)D . Cisco Secure Web Appliance (WSA)