Online Access Free 300-215 Practice Test

What is the steganography anti-forensics technique?

• A.hiding a section of a malicious file in unused areas of a file
• B.concealing malicious files in ordinary or unsuspecting places
• C.changing the file header of a malicious file to another file type
• D.sending malicious files over a public network by encapsulation

An organization recovered from a recent ransomware outbreak that resulted in significant business damage.
Leadership requested a report that identifies the problems that triggered the incident and the security team's approach to address these problems to prevent a reoccurrence. Which components of the incident should an engineer analyze first for this report?

• A.cause and effect
• B.impact and flow
• C.motive and factors
• D.risk and RPN

A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file's behavior. Which logs should be reviewed next to evaluate this file further?

• A.email security appliance
• B.DNS server
• C.Antivirus solution
• D.network device

Refer to the exhibit.

A security analyst is reviewing alerts from the SIEM system that was just implemented and notices a possible indication of an attack because the SSHD system just went live and there should be nobody using it. Which action should the analyst take to respond to the alert?

• A.Reset the admin password in SSHD to prevent unauthorized access to the system at scale.
• B.Investigate the alert by checking SSH logs and correlating with other relevant data in SIEM.
• C.Ignore the alert and continue monitoring for further activity because the system was just implemented.
• D.Immediately block the IP address 192.168.1.100 from accessing the SSHD environment.

A security team receives reports of multiple files causing suspicious activity on users' workstations. The file attempted to access highly confidential information in a centralized file server. Which two actions should be taken by a security analyst to evaluate the file in a sandbox? (Choose two.)

• A.Inspect file type.
• B.Inspect PE header.
• C.Inspect file hash.
• D.Inspect processes.
• E.Inspect registry entries