300-215 Question #33: Real Exam Question with Answer & Explanation
The correct answer is A: Upload the .pdf file to Cisco Threat Grid and analyze suspicious activity in depth. Submitting the PDF to Cisco Threat Grid lets you safely detonate and analyze its true behavior (e.g. the PowerShell launch), confirming malicious payloads. Quarantining the affected workstation immediately prevents further lateral movement or data exfiltration while you investigate.
Question
A security team is notified from a Cisco ESA solution that an employee received an advertising email with an attached .pdf extension file. The employee opened the attachment, which appeared to be an empty document. The security analyst cannot identify clear signs of compromise but reviews running processes and determines that PowerShell.exe was spawned by CMD.exe with a grandparent AcroRd32.exe process. Which two actions should be taken to resolve this issue? (Choose two.)
Options
- A. Upload the .pdf file to Cisco Threat Grid and analyze suspicious activity in depth.
- B. No action is required because this behavior is standard for .pdf files.
- C. Check the Windows Event Viewer for security logs about the incident.
- D. Quarantine this workstation for further investigation, as this event is an indication of suspicious
- E. Investigate the reputation of the sender address and temporarily block all communications with
Explanation
Submitting the PDF to Cisco Threat Grid lets you safely detonate and analyze its true behavior (e.g. the PowerShell launch), confirming malicious payloads. Quarantining the affected workstation immediately prevents further lateral movement or data exfiltration while you investigate.