Cisco Exam 300-215 Topic 10 Question 66 Discussion

Actual exam question for Cisco's 300-215 exam

Question #: 66
Topic #: 10

An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise but while reviewing running processes, observes that PowerShell.exe was spawned by cmd.exe with a grandparent winword.exe process. What is the recommended action the engineer should take?

AUpload the file signature to threat intelligence tools to determine if the file is malicious.

BMonitor processes as this a standard behavior of Word macro embedded documents.

CContain the threat for further analysis as this is an indication of suspicious activity.

DInvestigate the sender of the email and communicate with the employee to determine the motives.

Show Suggested Answer

Suggested Answer: A

by Tiera at Dec 12, 2023, 08:49 AM

Limited Time Offer

25%

Off

Get Premium 300-215 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Buck

2 hours ago

Ah, the age-old question: 'To open or not to open?' I say, better safe than sorry. Contain that threat, my friend!

upvoted 0 times

...

Tequila

5 days ago

Ooh, an empty Word doc spawning PowerShell? Sounds like a classic case of 'Looks can be deceiving.' Gotta go with option C on this one.

upvoted 0 times

...

Earleen

8 days ago

Threat intelligence, huh? I bet the file has some juicy malware that'll make the hackers laugh all the way to the bank. Better contain this before it spreads!

upvoted 0 times

...