300-215 Exam Questions
143 real 300-215 exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1 (Cloud Security Operations & Incident Response)
  A website administrator has an output of an FTP session that runs nightly to download and unzip files to a local staging server. The download includes thousands of files, and the m...
  Tags: PowerShell, Log analysis, Scripting, System administration
- Question #2 (Cloud Security Operations & Incident Response)
  Refer to the exhibit. An engineer is analyzing a TCP stream in Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream?
  Tags: Network protocol analysis, Wireshark, SMB, Network forensics
- Question #3 (Cloud Security Operations & Incident Response)
  What is the goal of an incident response plan?
  Tags: Incident response, Security operations, Containment
- Question #4 (Cloud Security Operations & Incident Response)
  A security team received an alert of suspicious activity on a user's Internet browser. The user's anti-virus software indicated that the file attempted to create a fake recycle bi...
  Tags: Malware analysis, Incident investigation, Threat Grid, Behavioral analysis
- Question #5 (Cloud Security Operations & Incident Response)
  An employee receives an email from a "trusted" person containing a hyperlink that is malvertising. The employee clicks the link and the malware downloads. An information analyst ob...
  Tags: Root cause analysis, Incident response, Phishing, Attack vector
- Question #6 (Cloud Security Operations & Incident Response)
  Refer to the exhibit. Which two actions should be taken based on the intelligence information? (Choose two.)
  Tags: Threat intelligence, Incident response, Network security, SIEM rules
- Question #7 (Cloud Security Operations & Incident Response)
  Refer to the exhibit. Which two determinations should be made about the attack from the Apache access logs? (Choose two.)
  Tags: Log analysis, Web server logs, Attack chain, Malware upload
- Question #8 (Cloud Security Risks & Threat Mitigation)
  A threat actor attempts to avoid detection by turning data into a code that shifts numbers to the right four times. Which anti-forensics technique is being used?
  Tags: Anti-forensics, Obfuscation, Evasion techniques, Threat actor tactics
- Question #9 (Cloud Security Risks & Threat Mitigation)
  Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live process?
  Tags: Process injection, Malware techniques, Evasion, Operating system security
- Question #10 (Cloud Security Operations & Incident Response)
  Refer to the exhibit. An HR department submitted a ticket to the IT helpdesk indicating slow performance on an internal share server. The helpdesk engineer checked the server with...
  Tags: Indicators of Compromise, Incident investigation, Log analysis, Malware outbreak
- Question #11 (Cloud Security Operations & Incident Response)
  Which magic byte indicates that an analyzed file is a PDF file?
  Tags: File signatures, Magic bytes, PDF format, Forensics
- Question #12 (Cloud Security Operations & Incident Response)
  An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the...
  Tags: DDoS attack, Incident response, Apache logs, Linux commands
- Question #13 (Cloud Security Operations & Incident Response)
  Refer to the exhibit. What do these artifacts indicate?
  Tags: Malicious redirection, Network forensics, Threat analysis, Artifact interpretation
- Question #14 (Forensics Techniques)
  Refer to the exhibit. According to the SNORT alert, what is the attacker performing?
  Tags: SNORT, IDS alert, web enumeration, directory brute-force
- Question #15 (Fundamentals)
  Refer to the exhibit. Which type of code created the snippet?
  Tags: scripting languages, VB Script, code identification
- Question #16 (Incident Response Techniques)
  Refer to the exhibit. A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of e...
  Tags: ARP spoofing, network attack, port security, mitigation
- Question #17 (Incident Response Techniques)
  Refer to the exhibit. Which two actions should be taken as a result of this information? (Choose two.)
  Tags: email security, malware hash, threat blocking, incident response
- Question #18 (Forensics Techniques)
  Refer to the exhibit. What should be determined from this Apache log?
  Tags: Apache logs, SSL certificate, error analysis, web server security
- Question #19 (Fundamentals)
  Which tool is used for reverse engineering malware?
  Tags: malware analysis, reverse engineering, Ghidra, security tools
- Question #20 (Incident Response Techniques)
  A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify...
  Tags: malware investigation, log analysis, endpoint security, beaconing
- Question #21 (Fundamentals)
  What are YARA rules based upon?
  Tags: YARA rules, malware detection, binary patterns, signature-based detection
- Question #22 (Forensics Techniques)
  Refer to the exhibit. According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)
  Tags: Wireshark, network traffic analysis, Emotet, Indicators of Compromise (IoC)
- Question #23 (Forensics Techniques)
  Refer to the exhibit. Which determination should be made by a security analyst?
  Tags: email security, filename obfuscation, malware delivery, social engineering
- Question #24 (Incident Response Processes)
  A security team received reports of users receiving emails linked to external or unknown URLs that are non-returnable and non-deliverable. The ISP also reported a 500% increase in...
  Tags: incident response, recovery phase, vulnerability management, signature updates
- Question #25 (Forensics Techniques)
  An organization uses a Windows 7 workstation for access tracking in one of their physical data centers, on which a guard documents entrance/exit activities of all personnel. A serve...
  Tags: Windows forensics, registry analysis, user profiles, log investigation
- Question #26 (Incident Response Techniques)
  An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify...
  Tags: process analysis, PowerShell attacks, macro malware, incident containment
- Question #27 (Forensics Techniques)
  An engineer is analyzing a ticket for an unexpected server shutdown and discovers that the web server ran out of usable memory and crashed. Which data is needed for further inves...
  Tags: Linux logs, system logs, server crash, memory issues
- Question #28 (Forensics Techniques)
  Refer to the exhibit. An employee notices unexpected changes and setting modifications on their workstation and creates an incident ticket. A support specialist checks processes an...
  Tags: log tampering, data exfiltration, workstation compromise, incident analysis
- Question #29 (Incident Response Techniques)
  Refer to the exhibit. A company that uses only the Unix platform implemented an intrusion detection system. After the initial configuration, the number of alerts is overwhelming, a...
  Tags: IDS alerts, alert classification, false positive, signature tuning
- Question #30 (Create Design Specification)
  Refer to the exhibit. After a cyber attack, an engineer is analyzing an alert that was missed on the intrusion detection system. The attack exploited a vulnerability in a business...
  Tags: vulnerability mitigation, application security, ASLR, DEP
- Question #31 (Incident Response Processes)
  An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered...
  Tags: post-incident analysis, root cause analysis, ransomware, reporting
- Question #32 (Forensics Techniques)
  Refer to the exhibit. A cybersecurity analyst is presented with the snippet of code used by the threat actor and left behind during the latest incident and is asked to determine it...
  Tags: code analysis, malware functionality, downloader script, threat actor TTPs
- Question #33 (Incident Response Techniques)
  A security team is notified from a Cisco ESA solution that an employee received an advertising email with an attached .pdf extension file. The employee opened the attachment, which...
  Tags: process analysis, PDF exploit, PowerShell attacks, incident containment
- Question #34 (Incident Response Techniques)
  Refer to the exhibit. What is the indicator of compromise?
  Tags: IOC, file hash, malware analysis
- Question #35 (Forensics Techniques)
  Which type of record enables forensics analysts to identify fileless malware on Windows machines?
  Tags: fileless malware, Windows forensics, PowerShell logs
- Question #36 (Incident Response Techniques)
  Refer to the exhibit. An engineer received a ticket to analyze a recent breach on a company blog. Every time users visit the blog, they are greeted with a message box. The blog all...
  Tags: web application security, input validation, SQL injection, vulnerability mitigation
- Question #37 (Forensics Techniques)
  An engineer is analyzing a DoS attack and notices that the perpetrator used a different IP address to hide their system IP address and avoid detection. Which anti-forensics techniq...
  Tags: anti-forensics, IP spoofing, DoS attack
- Question #38 (Incident Response Techniques)
  An engineer must advise on how YARA rules can enhance detection capabilities. What can YARA rules be used to identify?
  Tags: YARA rules, malware detection, signature-based detection
- Question #39 (Incident Response Techniques)
  Refer to the exhibit. An engineer analyzes an email with a malicious URL that is flagged by Cisco Secure Malware Analytics. The engineer checks the TCP streams and notices that a d...
  Tags: malware analysis, Cisco Secure Malware Analytics, email analysis, IOC analysis
- Question #40 (Incident Response Techniques)
  Snort detects traffic that is targeting vulnerabilities in files that belong to software in the Microsoft Office suite. On a SIEM tool, the SOC analyst sees an alert from Cisco FMC...
  Tags: Snort, SIEM, Cisco FMC, vulnerability detection
- Question #41 (Forensics Techniques)
  An investigator notices that GRE packets are going undetected over the public network. What is occurring?
  Tags: GRE, tunneling, network forensics, packet analysis
- Question #42 (Incident Response Techniques)
  A security team needs to prevent a remote code execution vulnerability. The vulnerability can be exploited only by sending the '${' string in the HTTP request. The WAF rule is blocking '${...
  Tags: WAF bypass, URL encoding, remote code execution, vulnerability mitigation
- Question #43 (Incident Response Processes)
  An organization experienced a sophisticated phishing attack that resulted in the compromise of confidential information from thousands of user accounts. The threat actor used a lan...
  Tags: phishing, root cause analysis, incident analysis, email security
- Question #44 (Incident Response Techniques)
  In a secure government communication network, an automated alert indicates the presence of anomalous DLL files injected into the system memory during a routine update of communicat...
  Tags: memory forensics, DLL injection, beaconing, data exfiltration, incident response prioritization
- Question #45 (Forensics Techniques)
  Refer to the exhibit. A security analyst notices that a web application running on NGINX is generating an unusual number of log messages. The application is operational and reachab...
  Tags: web application security, NGINX logs, directory fuzzing, log analysis
- Question #46 (Incident Response Processes)
  A threat intelligence report identifies an outbreak of a new ransomware strain spreading via phishing emails that contain malicious URLs. A compromised cloud service provider, XYZC...
  Tags: phishing, threat intelligence, incident response, risk identification
- Question #47 (Forensics Techniques)
  Refer to the exhibit. What is occurring within the exhibit?
  Tags: network forensics, HTTP redirect, packet analysis
- Question #48 (Incident Response Techniques)
  An incident responder reviews a log entry that shows a Microsoft Word process initiating an outbound network connection followed by PowerShell execution with obfuscated commands. C...
  Tags: incident response, PowerShell forensics, obfuscation, IOC identification, endpoint forensics
- Question #49 (Incident Response Techniques)
  Refer to the exhibit. An alert came with potentially suspicious activity from a machine in the HR department. Which two IOCs should the security analyst flag? (Choose two.)
  Tags: IOC, process analysis, PowerShell, Base64 encoding, endpoint forensics
- Question #50 (Incident Response Processes)
  A cybersecurity analyst is analyzing a complex set of threat intelligence data from internal and external sources. Among the data, they discover a series of indicators, including p...
  Tags: threat intelligence, ransomware, incident response planning, threat correlation, system isolation