- Home
- Cisco
- Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps
- Cisco.300-215.v2026-01-17.q56
- Question 49
Valid 300-215 Dumps shared by ExamDiscuss.com for Helping Passing 300-215 Exam! ExamDiscuss.com now offer the newest 300-215 exam dumps, the ExamDiscuss.com 300-215 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 300-215 dumps with Test Engine here:
Access 300-215 Dumps Premium Version
(118 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 49/56
A security team detected an above-average amount of inbound tcp/135 connection attempts from unidentified senders. The security team is responding based on their incident response playbook. Which two elements are part of the eradication phase for this incident? (Choose two.)
Correct Answer: C,D
The eradication phase in incident response involveseliminating the root cause of the incidentand strengthening defenses to prevent reoccurrence. In this case:
* Intrusion Prevention System (D): Adding new rules to the IPS to detect and block malicious activity on TCP/135 is a direct eradication step to remove the threat's entry point and prevent future attacks.
* Centralized User Management (C): Hardening user accounts, removing unnecessary permissions, and applying tighter authentication/authorization measures helps eliminate the possibility that threat actors could exploit weak or mismanaged accounts to continue accessing the system.
Althoughanti-malware software (A)andenterprise block listing (E)are valuable, themost direct eradication stepshere specifically involve managing network access (via IPS) and strengthening user controls (via centralized user management), especially when TCP/135 (MSRPC endpoint mapper) can be used to enumerate services and potentially access vulnerable endpoints remotely.
This aligns with best practices outlined in incident response frameworks (such as the NIST SP 800-61 and referenced resources), which emphasizeclosing the exploited entry points(in this case, TCP/135) and removing any lingering access pointsthrough user management and network control enhancements.
Reference:
CyberOps Technologies (CBRFIR) 300-215 study guide, Chapter: Understanding the Incident Response Process, Eradication Phase, page 105-106.
External Reference: "The Core Phases of Incident Response - Remediation," Cipher blog [1].
External Reference: "Service Overview and Network Port Requirements," Microsoft documentation [2].
* Intrusion Prevention System (D): Adding new rules to the IPS to detect and block malicious activity on TCP/135 is a direct eradication step to remove the threat's entry point and prevent future attacks.
* Centralized User Management (C): Hardening user accounts, removing unnecessary permissions, and applying tighter authentication/authorization measures helps eliminate the possibility that threat actors could exploit weak or mismanaged accounts to continue accessing the system.
Althoughanti-malware software (A)andenterprise block listing (E)are valuable, themost direct eradication stepshere specifically involve managing network access (via IPS) and strengthening user controls (via centralized user management), especially when TCP/135 (MSRPC endpoint mapper) can be used to enumerate services and potentially access vulnerable endpoints remotely.
This aligns with best practices outlined in incident response frameworks (such as the NIST SP 800-61 and referenced resources), which emphasizeclosing the exploited entry points(in this case, TCP/135) and removing any lingering access pointsthrough user management and network control enhancements.
Reference:
CyberOps Technologies (CBRFIR) 300-215 study guide, Chapter: Understanding the Incident Response Process, Eradication Phase, page 105-106.
External Reference: "The Core Phases of Incident Response - Remediation," Cipher blog [1].
External Reference: "Service Overview and Network Port Requirements," Microsoft documentation [2].
- Question List (56q)
- Question 1: An attacker embedded a macro within a word processing file o...
- Question 2: An insider scattered multiple USB flash drives with zero-day...
- Question 3: A cybersecurity analyst is examining a complex dataset of th...
- Question 4: Which magic byte indicates that an analyzed file is a pdf fi...
- Question 5: An organization uses a Windows 7 workstation for access trac...
- Question 6: A threat actor attempts to avoid detection by turning data i...
- Question 7: A threat intelligence report identifies an outbreak of a new...
- Question 8: An incident response team is recommending changes after anal...
- Question 9: An organization experienced a sophisticated phishing attack ...
- Question 10: Which tool is used for reverse engineering malware?...
- Question 11: A new zero-day vulnerability is discovered in the web applic...
- Question 12: A threat intelligence report identifies an outbreak of a new...
- Question 13: A malware outbreak revealed that a firewall was misconfigure...
- Question 14: Refer to the exhibit. (Exhibit) What does the exhibit indica...
- Question 15: An incident response analyst is preparing to scan memory usi...
- Question 16: Data has been exfiltrated and advertised for sale on the dar...
- Question 17: Refer to the exhibit. (Exhibit) An alert came with a potenti...
- Question 18: An engineer is analyzing a DoS attack and notices that the p...
- Question 19: Over the last year, an organization's HR department has acce...
- Question 20: In a secure government communication network, an automated a...
- Question 21: Drag and drop the capabilities on the left onto the Cisco se...
- Question 22: A network host is infected with malware by an attacker who u...
- Question 23: An investigator is analyzing an attack in which malicious fi...
- Question 24: A cybersecurity analyst must identify an unknown service cau...
- Question 25: An engineer received a report of a suspicious email from an ...
- Question 26: An organization recovered from a recent ransomware outbreak ...
- Question 27: Refer to the exhibit. (Exhibit) According to the Wireshark o...
- Question 28: Refer to the exhibit. (Exhibit) The application x-dosexec wi...
- Question 29: An engineer must advise on how YARA rules can enhance detect...
- Question 30: (Exhibit)
- Question 31: A security team is notified from a Cisco ESA solution that a...
- Question 32: Drag and drop the steps from the left into the order to perf...
- Question 33: Which two tools conduct network traffic analysis in the abse...
- Question 34: Refer to the exhibit. (Exhibit) According to the SNORT alert...
- Question 35: A threat actor has successfully attacked an organization and...
- Question 36: Refer to the exhibit. (Exhibit) What do these artifacts indi...
- Question 37: A cybersecurity analyst is analyzing a complex set of threat...
- Question 38: A cybersecurity analyst detects fileless malware activity on...
- Question 39: (Exhibit) Refer to the exhibit. A network administrator crea...
- Question 40: A security team received an alert of suspicious activity on ...
- Question 41: Refer to the exhibit. (Exhibit) An engineer is analyzing a T...
- Question 42: (Exhibit) Refer to the exhibit. A security analyst notices t...
- Question 43: A security team needs to prevent a remote code execution vul...
- Question 44: What is an issue with digital forensics in cloud environment...
- Question 45: An organization fell victim to a ransomware attack that succ...
- Question 46: Refer to the exhibit. (Exhibit) A company that uses only the...
- Question 47: Which scripts will search a log file for the IP address of 1...
- Question 48: What is the steganography anti-forensics technique?...
- Question 49: A security team detected an above-average amount of inbound ...
- Question 50: A workstation uploads encrypted traffic to a known clean dom...
- Question 51: An employee receives an email from a "trusted" person contai...
- Question 52: A security team is discussing lessons learned and suggesting...
- Question 53: A company had a recent data leak incident. A security engine...
- Question 54: Refer to the exhibit. (Exhibit) What is occurring within the...
- Question 55: Refer to the exhibit. (Exhibit) What should be determined fr...
- Question 56: What is the goal of an incident response plan?...
