Title: [February-2023] Valid Braindump2go 300-215 Exam PDF and VCE 300-215 60Q Offer [Q1-Q31]
Post date: 2023-02-20

February/2023 Latest Braindump2go 300-215 Exam Dumps with PDF and VCE, Free Updated Today! Following are some new Braindump2go 300-215 Real Exam Questions.

QUESTION 1
Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live process?
A. process injection
B. privilege escalation
C. GPO modification
D. token manipulation
Answer: A

QUESTION 2
Refer to the exhibit. An HR department submitted a ticket to the IT helpdesk indicating slow performance on an internal share server. The helpdesk engineer checked the server with a real-time monitoring tool and did not notice anything suspicious. After checking the event logs, the engineer noticed an event that occurred 48 hours prior. Which two indicators of compromise should be determined from this information? (Choose two.)
A. unauthorized system modification
B. privilege escalation
C. denial of service attack
D. compromised root access
E. malware outbreak
Answer: AD

QUESTION 3
Which magic byte indicates that an analyzed file is a PDF file?
A. cGRmZmlsZQ
B. 706466666
C. 255044462d
D. 0a0ah4cg
Answer: C

QUESTION 4
An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?
A. An engineer should check the list of usernames currently logged in by running the command $ who | cut -d' ' -f1 | sort | uniq
B. An engineer should check the server's processes by running the commands ps -aux and sudo ps -a.
C. An engineer should check the services on the machine by running the command service --status-all.
D. An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/log/apache2/access.log.
Answer: D

QUESTION 5
Refer to the exhibit. What do these artifacts indicate?
A. An executable file is requesting an application download.
B. A malicious file is redirecting users to different domains.
C. The MD5 of a file is identified as a virus and is being blocked.
D. A forged DNS request is forwarding users to malicious websites.
Answer: A

QUESTION 6
Refer to the exhibit. According to the SNORT alert, what is the attacker performing?
A. brute-force attack against the web application user accounts
B. XSS attack against the target webserver
C. brute-force attack against directories and files on the target webserver
D. SQL injection attack against the target webserver
Answer: C

QUESTION 7
Refer to the exhibit. Which type of code created the snippet?
A. VB Script
B. Python
C. PowerShell
D. Bash Script
Answer: A

QUESTION 8
Refer to the exhibit. A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of event?
A. DNS spoofing; encrypt communication protocols
B. SYN flooding; block malicious packets
C. ARP spoofing; configure port security
D. MAC flooding; assign static entries
Answer: C

QUESTION 9
Refer to the exhibit. Which two actions should be taken as a result of this information? (Choose two.)
A. Update the AV to block any file with hash "cf2b3ad32a8a4cfb05e9dfc45875bd70".
B. Block all emails sent from an @state.gov address.
C. Block all emails with pdf attachments.
D. Block emails sent from Admin@state.net with an attached pdf file with md5 hash "cf2b3ad32a8a4cfb05e9dfc45875bd70".
E. Block all emails with subject containing "cf2b3ad32a8a4cfb05e9dfc45875bd70".
Answer: AB

QUESTION 10
Refer to the exhibit. What should be determined from this Apache log?
A. A module named mod_ssl is needed to make SSL connections.
B. The private key does not match the SSL certificate.
C. The certificate file has been maliciously modified.
D. The SSL traffic setup is improper.
Answer: D

QUESTION 11
Which tool is used for reverse engineering malware?
A. Ghidra
B. SNORT
C. Wireshark
D. NMAP
Answer: A

QUESTION 12
A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file's behavior. Which logs should be reviewed next to evaluate this file further?
A. email security appliance
B. DNS server
C. antivirus solution
D. network device
Answer: B

QUESTION 13
What are YARA rules based upon?
A. binary patterns
B. HTML code
C. network artifacts
D. IP addresses
Answer: A

QUESTION 14
Refer to the exhibit. According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)
A. Domain name: iraniansk.com
B. Server: nginx
C. Hash value: 5f31ab113af08=1597090577
D. filename= "Fy.exe"
E. Content-Type: application/octet-stream
Answer: CE

QUESTION 15
Refer to the exhibit. Which determination should be made by a security analyst?
A. An email was sent with an attachment named "Grades.doc.exe".
B. An email was sent with an attachment named "Grades.doc".
C. An email was sent with an attachment named "Final Report.doc".
D. An email was sent with an attachment named "Final Report.doc.exe".
Answer: D

QUESTION 16
A security team received reports of users receiving emails linked to external or unknown URLs that are non-returnable and non-deliverable. The ISP also reported a 500% increase in the amount of ingress and egress email traffic received. After detecting the problem, the security team moves to the recovery phase in their incident response plan. Which two actions should be taken in the recovery phase of this incident? (Choose two.)
A. verify the breadth of the attack
B. collect logs
C. request packet capture
D. remove vulnerabilities
E. scan hosts with updated signatures
Answer: DE

QUESTION 17
An organization uses a Windows 7 workstation for access tracking in one of their physical data centers, on which a guard documents entrance/exit activities of all personnel. A server shut down unexpectedly in this data center, and a security specialist is analyzing the case. Initial checks show that the previous two days of entrance/exit logs are missing, and the guard is confident that the logs were entered on the workstation. Where should the security specialist look next to continue investigating this case?
A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
C. HKEY_CURRENT_USER\Software\Classes\Winlog
D. HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\Windows NT\CurrentUser
Answer: A

QUESTION 18
An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise but, while reviewing running processes, observes that PowerShell.exe was spawned by cmd.exe with a grandparent winword.exe process. What is the recommended action the engineer should take?
A. Upload the file signature to threat intelligence tools to determine if the file is malicious.
B. Monitor processes, as this is a standard behavior of Word macro-embedded documents.
C. Contain the threat for further analysis, as this is an indication of suspicious activity.
D. Investigate the sender of the email and communicate with the employee to determine the motives.
Answer: A

QUESTION 19
An engineer is analyzing a ticket for an unexpected server shutdown and discovers that the web server ran out of usable memory and crashed. Which data is needed for further investigation?
A. /var/log/access.log
B. /var/log/messages.log
C. /var/log/httpd/messages.log
D. /var/log/httpd/access.log
Answer: B

QUESTION 20
Refer to the exhibit. An employee notices unexpected changes and setting modifications on their workstation and creates an incident ticket. A support specialist checks processes and services but does not identify anything suspicious. The ticket was escalated to an analyst who reviewed this event log and also discovered that the workstation had multiple large data dumps on network shares. What should be determined from this information?
A. data obfuscation
B. reconnaissance attack
C. brute-force attack
D. log tampering
Answer: B

QUESTION 21
Refer to the exhibit. A company that uses only the Unix platform implemented an intrusion detection system. After the initial configuration, the number of alerts is overwhelming, and an engineer needs to analyze and classify the alerts. The highest number of alerts were generated from the signature shown in the exhibit. Which classification should the engineer assign to this event?
A. True Negative alert
B. False Negative alert
C. False Positive alert
D. True Positive alert
Answer: C

QUESTION 22
Refer to the exhibit. After a cyber attack, an engineer is analyzing an alert that was missed on the intrusion detection system. The attack exploited a vulnerability in a business-critical, web-based application and violated its availability. Which two mitigation techniques should the engineer recommend? (Choose two.)
A. encapsulation
B. NOP sled technique
C. address space randomization
D. heap-based security
E. data execution prevention
Answer: CE

QUESTION 23
An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered the incident and the security team's approach to address these problems to prevent a reoccurrence. Which components of the incident should an engineer analyze first for this report?
A. impact and flow
B. cause and effect
C. risk and RPN
D. motive and factors
Answer: D

QUESTION 24
Drag and Drop Question
Drag and drop the cloud characteristic from the left onto the challenges presented for gathering evidence on the right.
Answer:

QUESTION 25
Drag and Drop Question
Drag and drop the steps from the left into the order to perform forensics analysis of infrastructure networks on the right.
Answer:

QUESTION 26
Drag and Drop Question
Drag and drop the capabilities on the left onto the Cisco security solutions on the right.
Answer:

QUESTION 27
A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)
A. Introduce a priority rating for incident response workloads.
B. Provide phishing awareness training for the full security team.
C. Conduct a risk audit of the incident response workflow.
D. Create an executive team delegation plan.
E. Automate security alert timeframes with escalation triggers.
Answer: AE

QUESTION 28
An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)
A. Restore to a system recovery point.
B. Replace the faulty CPU.
C. Disconnect from the network.
D. Format the workstation drives.
E. Take an image of the workstation.
Answer: AE

QUESTION 29
Refer to the exhibit. What should an engineer determine from this Wireshark capture of suspicious network traffic?
A. There are signs of a SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.
B. There are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.
C. There are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.
D. There are signs of ARP spoofing, and the engineer should use static ARP entries and IP address-to-MAC address mappings as a countermeasure.
Answer: A

QUESTION 30
Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?
A. http.request.uri matches
B. tls.handshake.type == 1
C. tcp.port eq 25
D. tcp.window_size == 0
Answer: B

QUESTION 31
What is a concern for gathering forensics evidence in public cloud environments?
A. High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.
B. Configuration: Implementing security zones and proper network segmentation.
C. Timeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.
D. Multitenancy: Evidence gathering must avoid exposure of data from other tenants.
Answer: D

Resources From:
1. 2023 Latest Braindump2go 300-215 Exam Dumps (PDF & VCE) Free Share: https://www.braindump2go.com/300-215.html
2. 2023 Latest Braindump2go 300-215 PDF and 300-215 VCE Dumps Free Share: https://drive.google.com/drive/folders/1a0_XVjCCLFVprs3-rwfVFA53-FP7NhkV?usp=share_link

Free Resources from Braindump2go. We are devoted to helping you 100% pass all exams!