Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
 

Cisco 300-215 Exam Actual Questions

The questions for 300-215 were last updated on Nov. 21, 2024.
  • Viewing page 1 out of 15 pages.
  • Viewing questions 1-4 out of 59 questions
 

Topic 1 - Single Topic

Question #1 Topic 1

A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)

  • A. Introduce a priority rating for incident response workloads.
  • B. Provide phishing awareness training for the fill security team.
  • C. Conduct a risk audit of the incident response workflow.
  • D. Create an executive team delegation plan.
  • E. Automate security alert timeframes with escalation triggers.
Reveal Solution Hide Solution   Discussion   3

Correct Answer: AE 🗳️

Question #2 Topic 1

An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)

  • A. Restore to a system recovery point.
  • B. Replace the faulty CPU.
  • C. Disconnect from the network.
  • D. Format the workstation drives.
  • E. Take an image of the workstation.
Reveal Solution Hide Solution   Discussion   4

Correct Answer: AE 🗳️

Question #3 Topic 1


Refer to the exhibit. What should an engineer determine from this Wireshark capture of suspicious network traffic?

  • A. There are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.
  • B. There are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.
  • C. There are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.
  • D. There are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to-MAC address mappings as a countermeasure.
Reveal Solution Hide Solution   Discussion   2

Correct Answer: A 🗳️

Question #4 Topic 1


Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?

  • A. http.request.un matches
  • B. tls.handshake.type ==1
  • C. tcp.port eq 25
  • D. tcp.window_size ==0
Reveal Solution Hide Solution   Discussion   2

Correct Answer: B 🗳️
Reference:
https://www.malware-traffic-analysis.net/2018/11/08/index.html https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/

Next Questions

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel