300-215 Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)

Question 1

DRAG DROP

Drag and drop the capabilities on the left onto the Cisco security solutions on the right.

Select and Place:

Answer is in the explanation below.

Question 2

An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)

  • Restore to a system recovery point.

  • Replace the faulty CPU.

  • Disconnect from the network.

  • Format the workstation drives.

  • Take an image of the workstation.

Question 3

Refer to the exhibit. Which two actions should be taken based on the intelligence information? (Choose two.)

  • Block network access to all .shop domains.

  • Add a SIEM rule to alert on connections to identified domains.

  • Use the DNS server to black hole all .shop requests.

  • Block network access to identified domains.

  • Route traffic from identified domains to black hole.