Question No. 1

Refer to the exhibit.

What should an engineer determine from this Wireshark capture of suspicious network traffic?

AThere are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.

BThere are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.

CThere are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.

DThere are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to-MAC address mappings as a countermeasure.

Show Answer

Correct Answer: A

Question No. 2

Refer to the exhibit.

Which two determinations should be made about the attack from the Apache access logs? (Choose two.)

AThe attacker used r57 exploit to elevate their privilege.

BThe attacker uploaded the word press file manager trojan.

CThe attacker performed a brute force attack against word press and used sql injection against the backend database.

DThe attacker used the word press file manager plugin to upoad r57.php.

EThe attacker logged on normally to word press admin page.

Show Answer

Correct Answer: C, D

Question No. 3

Refer to the exhibit.

According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)

ADomain name:iraniansk.com

BServer: nginx

CHash value: 5f31ab113af08=1597090577

Dfilename= ''Fy.exe''

EContent-Type: application/octet-stream

Show Answer

Correct Answer: C, E

Question No. 4

Refer to the exhibit.

Which two actions should be taken as a result of this information? (Choose two.)

AUpdate the AV to block any file with hash ''cf2b3ad32a8a4cfb05e9dfc45875bd70''.

BBlock all emails sent from an @state.gov address.

CBlock all emails with pdf attachments.

DBlock emails sent from Admin@state.net with an attached pdf file with md5 hash ''cf2b3ad32a8a4cfb05e9dfc45875bd70''.

EBlock all emails with subject containing ''cf2b3ad32a8a4cfb05e9dfc45875bd70''.

Show Answer

Correct Answer: A, B

Question No. 5

Which information is provided bout the object file by the ''-h'' option in the objdump line command objdump --b oasys --m vax --h fu.o?

Abfdname

Bdebugging

Chelp

Dheaders

Show Answer

Correct Answer: D

Free Cisco 300-215 Exam Actual Questions