300-215 Exam Questions
143 real 300-215 exam questions with expert-verified answers and explanations. Page 2 of 3.
- Question #51: Incident Response Processes
  A threat actor has successfully attacked an organization and gained access to confidential files on a laptop. What plan should the organization initiate to contain the attack and p...
  Tags: incident response, containment, attack mitigation, security planning
- Question #52: Forensics Techniques
  Refer to the exhibit. A network administrator creates an Apache log parser by using Python. What needs to be added in the box where the code is missing to accomplish the requiremen...
  Tags: log parsing, Python regex, Apache logs, IPv4
- Question #53: Incident Response Processes
  An organization experienced a ransomware attack that resulted in the successful infection of their workstations within their network. As part of the incident response process, the...
  Tags: ransomware, root cause analysis, incident report, vulnerability exploitation
- Question #54: Incident Response Processes
  An insider scattered multiple USB flash drives with zero-day malware in a company HQ building. Many employees connected the USB flash drives to their workstations. An attacker was...
  Tags: insider threat, malware prevention, security awareness, endpoint security
- Question #55: Forensics Techniques
  Refer to the exhibit. What does the exhibit indicate?
  Tags: UAC bypass, privilege escalation, registry modification, Windows security
- Question #56: Incident Response Techniques
  During a routine inspection of system logs, a security analyst notices an entry where Microsoft Word initiated a PowerShell command with encoded arguments. Given that the user's ro...
  Tags: incident analysis, PowerShell obfuscation, encoded commands, indicator of compromise
- Question #57: Incident Response Processes
  During a routine security audit, an organization's security team detects an unusual spike in network traffic originating from one of their internal servers. Upon further investigat...
  Tags: incident response, initial assessment, network forensics, containment
- Question #58: Forensics Techniques
  Refer to the exhibit. What is occurring?
  Tags: persistence mechanism, scheduled tasks, threat actor techniques, Windows security
- Question #59: Forensics Techniques
  Which two tools conduct network traffic analysis in the absence of a graphical user interface? (Choose two.)
  Tags: network analysis tools, command-line tools, packet capture, TCPdump
- Question #60: Incident Response Processes
  An organization fell victim to a ransomware attack that successfully infected 256 hosts within its network. In the aftermath of this incident, the organization's cybersecurity team...
  Tags: root cause analysis, ransomware attack, incident post-mortem, method of infection
- Question #61: Incident Response Techniques
  A new zero-day vulnerability is discovered in the web application. The vulnerability does not require physical access and can be exploited remotely. Attackers are exploiting the new vu...
  Tags: web application security, input validation, zero-day, file integrity monitoring
- Question #62: Forensics Techniques
  What is an antiforensic technique to cover a digital footprint?
  Tags: antiforensics, obfuscation, digital footprint, attack techniques
- Question #63: Incident Response Techniques
  Refer to the exhibit. What is the script trying to accomplish?
  Tags: script analysis, network connections, command and control, malware analysis
- Question #64: Incident Response Techniques
  Refer to the exhibit. What is occurring?
  Tags: HTTP status codes, web server logs, network traffic analysis, web security
- Question #65: Incident Response Techniques
  A cybersecurity analyst is examining a complex dataset of threat intelligence information from various sources. Among the data, they notice multiple instances of domain name resolu...
  Tags: threat intelligence, indicator of compromise, C2 communication, incident prioritization
- Question #66: Incident Response Techniques
  Refer to the exhibit. The application x-dosexec with hash 691c65e4fb1d19f82465df1d34ad51aaeceba14a78167262dc7b2840a6a6aa87 is reported as malicious and labeled as "Trojan.Generic"...
  Tags: indicator of compromise, malware analysis, process injection, Trojan
- Question #67: Incident Response Techniques
  Refer to the exhibit. Which two actions should be taken as a result of this information? (Choose two.)
  Tags: threat intelligence, blacklist, domain blocking, IP blocking, containment
- Question #68: Forensics Processes
  What describes the first step in performing a forensic analysis of infrastructure network devices?
  Tags: digital forensics, evidence preservation, network device forensics, forensic imaging
- Question #69: Forensics Techniques
  Refer to the exhibit. What is this encoding technique?
  Tags: encoding, Base64, malware obfuscation, data interpretation
- Question #70: Incident Response Techniques
  Refer to the exhibit. A security analyst is reviewing alerts from the SIEM system that was just implemented and notices a possible indication of an attack because the SSHD system j...
  Tags: SIEM analysis, incident investigation, log correlation, SSH security
- Question #71: Forensics Techniques
  Which tool should be used for dynamic malware analysis?
  Tags: malware analysis, dynamic analysis, sandbox, security tools
- Question #72: Forensics Processes
  What is an issue with digital forensics in cloud environments, from a security point of view?
  Tags: cloud forensics, digital forensics challenges, cloud security, evidence acquisition
- Question #73: Forensics Techniques
  What can the blue team achieve by using Hex Fiend against a piece of malware?
  Tags: malware analysis, hex editor, YARA rules, signature detection, blue team
- Question #74: Incident Response Techniques
  What are two features of Cisco Secure Endpoint? (Choose two.)
  Tags: Cisco Secure Endpoint, endpoint security, security features
- Question #75: Incident Response Techniques
  During a daily security audit via Cisco Secure Network Analytics, an engineer notices unusual activity in the network. The security engineer investigates and discovers that an empl...
  Tags: MITRE ATT&CK, exfiltration, network traffic analysis, Cisco Secure Network Analytics
- Question #76: Forensics Techniques
  A cybersecurity analyst at a software development company identifies a set of files with an unusual extension .xyz that appeared suddenly in the network's shared storage. These fil...
  Tags: malware analysis, heuristic analysis, unknown threats, file analysis
- Question #77: Incident Response Techniques
  A company had a recent data leak incident. A security engineer investigating the incident discovered that a malicious link was accessed by multiple employees. Further investigation...
  Tags: phishing mitigation, endpoint detection and response, secure email gateway, data breach prevention
- Question #78: Forensics Techniques
  Refer to the exhibit. A suspicious binary was executed and a Cisco Secure Malware Analytics report was created. What do the artifacts suggest?
  Tags: malware analysis, Cisco Secure Malware Analytics, MD5 hash, threat intelligence
- Question #79: Forensics Techniques
  Data has been exfiltrated and advertised for sale on the dark web. Incident Response has narrowed down which server has been accessed by the threat actor based on the event logs. O...
  Tags: memory forensics, incident response, system diagnostics, performance analysis
- Question #80: Incident Response Processes
  The company experienced a massive malware outbreak, which allowed attackers to gain access to trade secrets and other sensitive information. The security team conducted an in-depth...
  Tags: incident response, firewall misconfiguration, network security policy, remediation
- Question #81: Forensics Techniques
  An incident response analyst is preparing a rule to scan memory with YARA. How will the analyst complete the task?
  Tags: YARA rules, memory scanning, malware analysis, threat hunting
- Question #82: Forensics Techniques
  A cybersecurity analyst must evaluate files from endpoints and conduct ad-hoc scans in a highly secure government agency. During the analysis, the analyst identifies a set of suspi...
  Tags: fileless malware, memory analysis, endpoint forensics, advanced threat detection
- Question #83: Forensics Techniques
  Which issue is related to gathering evidence from cloud vendors?
  Tags: cloud forensics, evidence collection, cloud security, legal challenges
- Question #84
  A cybersecurity analyst is investigating a case where an unknown service is causing high CPU usage on a Windows server. The analyst must identify the service, investigate its sourc...
  Tags: Process Explorer, Windows process analysis, malware investigation, system monitoring
- Question #85: Fundamentals
  Refer to the exhibit. Which type of code is shown?
  Tags: Python, scripting languages, code identification, security tools
- Question #86: Forensics Techniques
  Refer to the exhibit. Which encoding method is used to obfuscate the script?
  Tags: encoding, obfuscation, script analysis, malware analysis
- Question #87: Incident Response Processes
  Refer to the exhibit. A company employee receives an email from a customer. The email includes a Microsoft Word attachment. The moment the employee opens the attachment, the workst...
  Tags: incident response, malware analysis, lateral movement, threat containment
- Question #88: Incident Response Techniques
  Refer to the exhibit. A web hosting company analyst is analyzing the latest traffic because there was a 20% spike in the servers' CPU usage recently. After correlating the logs, the pro...
  Tags: brute-force attack, incident analysis, security mitigation
- Question #89: Cloud Security and Digital Forensics - Understanding how the five NIST essential cloud characteristics (broad network access, rapid elasticity, measured service, resource pooling, on-demand self-service) create specific challenges for forensic investigators when gathering and preserving digital evidence in cloud environments.
  Drag and Drop Question. Drag and drop the cloud characteristic from the left onto the challenges presented for gathering evidence on the right. Answer:
  Tags: cloud forensics, NIST cloud characteristics, digital evidence, incident response
- Question #90: Cloud Security Concepts and Architecture - Understanding NIST-defined essential characteristics of cloud computing and their application in forensic analysis of cloud infrastructure (relevant to certifications such as CompTIA Cloud+, CCSP, or CySA+)
  Drag and Drop Question. Drag and drop the steps from the left into the order to perform forensics analysis of infrastructure networks on the right. Answer:
  Tags: cloud computing characteristics, NIST SP 800-145, cloud forensics, infrastructure security
- Question #91: Fundamentals
  Drag and Drop Question. Drag and drop the capabilities on the left onto the Cisco security solutions on the right. Answer:
  Tags: security domains, network security, endpoint security, cloud security
- Question #92: Incident Response Techniques
  A security team receives a notification from the SIEM solution that Cisco Secure Network Analytics detects abnormally high uploads from an internal workstation to external IP addre...
  Tags: firewall security, threat intelligence, DNS security, C2 prevention
- Question #93: Incident Response Processes
  A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report th...
  Tags: incident response process, organizational security, security policy, escalation procedures
- Question #94: Incident Response Techniques
  An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the int...
  Tags: incident response, endpoint compromise, evidence collection, network isolation
- Question #95: Forensics Techniques
  Refer to the exhibit. What should an engineer determine from this Wireshark capture of suspicious network traffic?
  Tags: network traffic analysis, Wireshark, SYN flood, DoS attacks
- Question #96: Forensics Techniques
  Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter...
  Tags: Wireshark filters, TLS handshake, network forensics, malware analysis
- Question #97: Forensics Techniques
  What is a concern for gathering forensics evidence in public cloud environments?
  Tags: cloud forensics, multitenancy, evidence collection, data privacy
- Question #98: Automation and Scripting / Security tool development - understanding Python file handling, regex searching, and output redirection as applied to cybersecurity log analysis tasks (e.g., CompTIA CySA+ or Security+ scripting objectives)
  Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console? A. B. C. D.
  Tags: Python scripting, log parsing, regular expressions, file I/O
- Question #99: Forensics Techniques
  What is the transmogrify anti-forensics technique?
  Tags: anti-forensics, file manipulation, data hiding, transmogrify
- Question #100: Forensics Techniques
  What is the steganography anti-forensics technique?
  Tags: steganography, anti-forensics, data concealment