
300-215 Question #56: Real Exam Question with Answer & Explanation

The correct answer is D: Review the encoded PowerShell arguments to decode and determine the intent of the script. Decoding the Base64 (or otherwise encoded) PowerShell payload reveals the actual commands being run, which is the most direct way to identify if Word was used as a vector for malicious

Submitted by tarun92 · Mar 6, 2026 · Incident Response Techniques

Question

During a routine inspection of system logs, a security analyst notices an entry where Microsoft Word initiated a PowerShell command with encoded arguments. Given that the user's role does not involve scripting or advanced document processing, which action should the analyst take to analyze this output for potential indicators of compromise?

Options

  • A. Monitor the Microsoft Word startup times to ensure they align with business hours.
  • B. Confirm that the Microsoft Word license is valid and the application is updated to the latest
  • C. Validate the frequency of PowerShell usage across all hosts to establish a baseline.
  • D. Review the encoded PowerShell arguments to decode and determine the intent of the script.

Explanation

Decoding the Base64 (or otherwise encoded) PowerShell payload reveals the actual commands being run, which is the most direct way to identify if Word was used as a vector for malicious

Topics

#incident analysis #PowerShell obfuscation #encoded commands #indicator of compromise
