300-215 Practice Exam Questions and Answers

A.  

encryption

B.  

tunneling

C.  

obfuscation

D.  

poisoning

A.  

An executable file is requesting an application download.

B.  

A malicious file is redirecting users to different domains.

C.  

The MD5 of a file is identified as a virus and is being blocked.

D.  

A forged DNS request is forwarding users to malicious websites.

A.  

evaluation of user awareness and training programs aimed at preventing ransomware attacks

B.  

analysis of the organization's network architecture and security infrastructure

C.  

detailed examination of the ransomware variant, its encryption techniques, and command-and-control servers

D.  

vulnerabilities present in the organization's software and systems that were exploited by the ransomware

A.  

Compare the metadata of the Microsoft Word document with known templates to verify its authenticity.

B.  

Examine the network destination of the outbound connection to assess the credibility and categorize the traffic.

C.  

Conduct a behavioral analysis of the PowerShell execution pattern and deobfuscate the commands to assess malicious intent.

D.  

Correlate the time of the outbound network connection with the user's activity log to establish a usage pattern.

A.  

SHA256 file hash

B.  

indicator ID: malware--a932fcc6-e032-476c-826f-cb970a569bce

C.  

indicator type: malicious-activity

D.  

MD5 file hash

A.  

There are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.

B.  

There are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.

C.  

There are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.

D.  

There are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to-MAC address mappings as a countermeasure.

A.  

brute-force attack against the web application user accounts

B.  

XSS attack against the target webserver

C.  

brute-force attack against directories and files on the target webserver

D.  

SQL injection attack against the target webserver

A.  

Introduce a priority rating for incident response workloads.

B.  

Provide phishing awareness training for the full security team.

C.  

Conduct a risk audit of the incident response workflow.

D.  

Create an executive team delegation plan.

E.  

Automate security alert timeframes with escalation triggers.

A.  

Isolate the files and perform a deeper heuristic analysis to detect potential unknown malware or data exfiltration payloads.

B.  

Rename the file extensions to .txt to enable easier opening and review by team members.

C.  

Delete the files immediately to prevent potential risks.

D.  

Move the files to a less secure network segment for analysis.

A.  

r'\d(1,3),\d(1.3),\d{13}.df{1,3}'

B.  

r'*\b'

C.  

r''\b{1-9}[0-9}\b'

D.  

r'\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}'