Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Exam (300-215) - Cisco Actual Exam Questions

Last updated on May 02, 2026

112 Total Questions
Question 1

Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?

[Question image]

Options:
A. http.request.un matches
B. tls.handshake.type ==1
C. tcp.port eq 25
D. tcp.window_size ==0


Question 2

An engineer is analyzing a DoS attack and notices that the perpetrator used a different IP address to hide their system IP address and avoid detection. Which anti-forensics technique did the perpetrator use?

Options:
A. cache poisoning
B. spoofing
C. encapsulation
D. onion routing


Question 3

Refer to the exhibit. Which two actions should be taken based on the intelligence information? (Choose two.)

[Question image]

Options (select two):
A. Block network access to all .shop domains.
B. Add a SIEM rule to alert on connections to identified domains.
C. Use the DNS server to black hole all .shop requests.
D. Block network access to identified domains.
E. Route traffic from identified domains to a black hole.


Question 4

An attacker embedded a macro within a word processing file opened by a user in an organization's legal department. The attacker used this technique to gain access to confidential financial data. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)

Options (select two):
A. controlled folder access
B. removable device restrictions
C. signed macro requirements
D. firewall rules creation
E. network access control


Question 5

Refer to the exhibit. Which two determinations should be made about the attack from the Apache access logs? (Choose two.)

[Question image]

Options (select two):
A. The attacker used the r57 exploit to elevate their privileges.
B. The attacker uploaded the WordPress file manager trojan.
C. The attacker performed a brute force attack against WordPress and used SQL injection against the backend database.
D. The attacker used the WordPress file manager plugin to upload r57.php.
E. The attacker logged on normally to the WordPress admin page.
