Cisco Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) 300-215 Question # 20 Topic 3 Discussion

300-215 Exam Topic 3 Question 20 Discussion:
Question #: 20
Topic #: 3

A security team is notified by a Cisco ESA solution that an employee received an advertising email with an attached .pdf file. The employee opened the attachment, which appeared to be an empty document. The security analyst cannot identify clear signs of compromise but reviews running processes and determines that PowerShell.exe was spawned by CMD.exe, with AcroRd32.exe as the grandparent process. Which two actions should be taken to resolve this issue? (Choose two.)

A. Upload the .pdf file to Cisco Threat Grid and analyze suspicious activity in depth.
B. No action is required because this behavior is standard for .pdf files.
C. Check the Windows Event Viewer for security logs about the incident.
D. Quarantine this workstation for further investigation, as this event is an indication of suspicious activity.
E. Investigate the reputation of the sender address and temporarily block all communications with this email domain.
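The detail the analyst keys on is the process lineage: a script host (PowerShell) whose ancestry leads back to a document reader (AcroRd32.exe) within a couple of hops. The script below, an added example that is not part of the original question or of any Cisco product, walks a process tree and flags exactly that pattern. The records are constructed Sysmon-style process-creation events (ProcessId, ParentProcessId, Image), not real telemetry; the process names, PIDs and paths are made up for the illustration, and the reader and script-host lists are assumptions you would tune for your own environment.

```python
"""Flag script hosts (PowerShell, cmd, wscript, ...) that descend from a
document reader such as AcroRd32.exe within a few parent hops.

Added example; the event records below are constructed to mirror Sysmon
Event ID 1 fields and do not come from a real host.
"""

# Constructed sample events (not real telemetry). PIDs are arbitrary.
SAMPLE_EVENTS = [
    {"ProcessId": 4, "ParentProcessId": 0, "Image": "System"},
    {"ProcessId": 812, "ParentProcessId": 4, "Image": r"C:\Windows\explorer.exe"},
    {"ProcessId": 2244, "ParentProcessId": 812,
     "Image": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"},
    {"ProcessId": 3108, "ParentProcessId": 2244, "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessId": 3560, "ParentProcessId": 3108,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign control case: an admin opening PowerShell from Explorer.
    {"ProcessId": 4012, "ParentProcessId": 812,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

# Assumed lists; extend for your environment (Office apps, browsers, etc.).
DOCUMENT_READERS = {"acrord32.exe", "acrobat.exe", "winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(image):
    """Lower-cased file name of an image path (handles both slash styles)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def build_index(events):
    """Map ProcessId -> event so parents can be looked up in O(1)."""
    return {e["ProcessId"]: e for e in events}


def ancestry(pid, index, max_depth=16):
    """Image basenames from pid upward (pid itself first).

    Bounded by max_depth and a seen-set so a reused or looping PID
    cannot make the walk run forever.
    """
    chain, seen = [], set()
    cur = index.get(pid)
    while cur is not None and len(chain) < max_depth and cur["ProcessId"] not in seen:
        seen.add(cur["ProcessId"])
        chain.append(basename(cur["Image"]))
        cur = index.get(cur["ParentProcessId"])
    return chain


def find_reader_spawned_scripts(events, max_hops=3):
    """Return one alert per script host with a document reader within
    max_hops ancestors. hops=1 is the parent, hops=2 the grandparent."""
    index = build_index(events)
    alerts = []
    for e in events:
        if basename(e["Image"]) not in SCRIPT_HOSTS:
            continue
        chain = ancestry(e["ProcessId"], index)
        # chain[0] is the process itself; inspect the next max_hops ancestors.
        for hop, ancestor in enumerate(chain[1:max_hops + 1], start=1):
            if ancestor in DOCUMENT_READERS:
                alerts.append({
                    "pid": e["ProcessId"],
                    "hops": hop,
                    "chain": " -> ".join(reversed(chain[:hop + 1])),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in find_reader_spawned_scripts(SAMPLE_EVENTS):
        print(f"pid {alert['pid']} ({alert['hops']} hop(s)): {alert['chain']}")
```

Run against the constructed events, the script reports both cmd.exe (a direct child of AcroRd32.exe) and powershell.exe (the grandchild), while the PowerShell started from Explorer produces nothing. Lowering max_hops to 1 drops the grandchild alert, which is why the grandparent hop matters in this scenario: a reader that launches cmd.exe as an intermediary is the common way the PowerShell parent gets laundered.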

