FreeCram
  1. Home
  2. Cisco
  3. Conducting Forensic Analysis & Incident Response Using Cisco Technologies for CyberOps
  4. Cisco.300-215.v2026-01-17.q56
  5. Question 31
<< Prev Question Next Question >>

Question 31/56

A security team is notified from a Cisco ESA solution that an employee received an advertising email with an attached .pdf extension file. The employee opened the attachment, which appeared to be an empty document.
The security analyst cannot identify clear signs of compromise but reviews running processes and determines that PowerShell.exe was spawned by CMD.exe with a grandparent AcroRd32.exe process. Which two actions should be taken to resolve this issue? (Choose two.)

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (56q)
Question 1: An attacker embedded a macro within a word processing file o...
Question 2: An insider scattered multiple USB flash drives with zero-day...
Question 3: A cybersecurity analyst is examining a complex dataset of th...
Question 4: Which magic byte indicates that an analyzed file is a pdf fi...
Question 5: An organization uses a Windows 7 workstation for access trac...
Question 6: A threat actor attempts to avoid detection by turning data i...
Question 7: A threat intelligence report identifies an outbreak of a new...
Question 8: An incident response team is recommending changes after anal...
Question 9: An organization experienced a sophisticated phishing attack ...
Question 10: Which tool is used for reverse engineering malware?...
Question 11: A new zero-day vulnerability is discovered in the web applic...
Question 12: A threat intelligence report identifies an outbreak of a new...
Question 13: A malware outbreak revealed that a firewall was misconfigure...
Question 14: Refer to the exhibit. (Exhibit) What does the exhibit indica...
Question 15: An incident response analyst is preparing to scan memory usi...
Question 16: Data has been exfiltrated and advertised for sale on the dar...
Question 17: Refer to the exhibit. (Exhibit) An alert came with a potenti...
Question 18: An engineer is analyzing a DoS attack and notices that the p...
Question 19: Over the last year, an organization's HR department has acce...
Question 20: In a secure government communication network, an automated a...
Question 21: Drag and drop the capabilities on the left onto the Cisco se...
Question 22: A network host is infected with malware by an attacker who u...
Question 23: An investigator is analyzing an attack in which malicious fi...
Question 24: A cybersecurity analyst must identify an unknown service cau...
Question 25: An engineer received a report of a suspicious email from an ...
Question 26: An organization recovered from a recent ransomware outbreak ...
Question 27: Refer to the exhibit. (Exhibit) According to the Wireshark o...
Question 28: Refer to the exhibit. (Exhibit) The application x-dosexec wi...
Question 29: An engineer must advise on how YARA rules can enhance detect...
Question 30: (Exhibit)
Question 31: A security team is notified from a Cisco ESA solution that a...
Question 32: Drag and drop the steps from the left into the order to perf...
Question 33: Which two tools conduct network traffic analysis in the abse...
Question 34: Refer to the exhibit. (Exhibit) According to the SNORT alert...
Question 35: A threat actor has successfully attacked an organization and...
Question 36: Refer to the exhibit. (Exhibit) What do these artifacts indi...
Question 37: A cybersecurity analyst is analyzing a complex set of threat...
Question 38: A cybersecurity analyst detects fileless malware activity on...
Question 39: (Exhibit) Refer to the exhibit. A network administrator crea...
Question 40: A security team received an alert of suspicious activity on ...
Question 41: Refer to the exhibit. (Exhibit) An engineer is analyzing a T...
Question 42: (Exhibit) Refer to the exhibit. A security analyst notices t...
Question 43: A security team needs to prevent a remote code execution vul...
Question 44: What is an issue with digital forensics in cloud environment...
Question 45: An organization fell victim to a ransomware attack that succ...
Question 46: Refer to the exhibit. (Exhibit) A company that uses only the...
Question 47: Which scripts will search a log file for the IP address of 1...
Question 48: What is the steganography anti-forensics technique?...
Question 49: A security team detected an above-average amount of inbound ...
Question 50: A workstation uploads encrypted traffic to a known clean dom...
Question 51: An employee receives an email from a "trusted" person contai...
Question 52: A security team is discussing lessons learned and suggesting...
Question 53: A company had a recent data leak incident. A security engine...
Question 54: Refer to the exhibit. (Exhibit) What is occurring within the...
Question 55: Refer to the exhibit. (Exhibit) What should be determined fr...
Question 56: What is the goal of an incident response plan?...