

300-215 Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Question and Answers

Question # 4

Refer to the exhibit.

According to the SNORT alert, what is the attacker performing?

A. brute-force attack against the web application user accounts

B. XSS attack against the target webserver

C. brute-force attack against directories and files on the target webserver

D. SQL injection attack against the target webserver

Question # 5

Refer to the exhibit.

Which two determinations should be made about the attack from the Apache access logs? (Choose two.)

A. The attacker used the r57 exploit to elevate their privilege.

B. The attacker uploaded the WordPress file manager trojan.

C. The attacker performed a brute-force attack against WordPress and used SQL injection against the backend database.

D. The attacker used the WordPress file manager plugin to upload r57.php.

E. The attacker logged on normally to the WordPress admin page.

Question # 6

A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file’s behavior. Which logs should be reviewed next to evaluate this file further?

A. email security appliance

B. DNS server

C. antivirus solution

D. network device

Question # 7

Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?

A. process injection

B. privilege escalation

C. GPO modification

D. token manipulation

Question # 8

Refer to the exhibit.

An HR department submitted a ticket to the IT helpdesk indicating slow performance on an internal share server. The helpdesk engineer checked the server with a real-time monitoring tool and did not notice anything suspicious. After checking the event logs, the engineer noticed an event that occurred 48 hours prior. Which two indicators of compromise should be determined from this information? (Choose two.)

A. unauthorized system modification

B. privilege escalation

C. denial of service attack

D. compromised root access

E. malware outbreak
