Cisco Exam 300-215 Topic 10 Question 66 Discussion

Actual exam question for Cisco's 300-215 exam

Question #: 66
Topic #: 10

An engineer received a report of a suspicious email from an employee. The employee had already opened the attachment, which was an empty Word document. The engineer cannot identify any clear signs of compromise but while reviewing running processes, observes that PowerShell.exe was spawned by cmd.exe with a grandparent winword.exe process. What is the recommended action the engineer should take?

AUpload the file signature to threat intelligence tools to determine if the file is malicious.

BMonitor processes as this a standard behavior of Word macro embedded documents.

CContain the threat for further analysis as this is an indication of suspicious activity.

DInvestigate the sender of the email and communicate with the employee to determine the motives.

Show Suggested Answer

Suggested Answer: A

by Tiera at Dec 12, 2023, 08:49 AM

Limited Time Offer

25%

Off

Get Premium 300-215 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Buck

2 months ago

Ah, the age-old question: 'To open or not to open?' I say, better safe than sorry. Contain that threat, my friend!

upvoted 0 times

Linwood

11 days ago

B) Monitor processes as this a standard behavior of Word macro embedded documents.

upvoted 0 times

...

Chu

12 days ago

C) Contain the threat for further analysis as this is an indication of suspicious activity.

upvoted 0 times

...

Geraldine

16 days ago

A) Upload the file signature to threat intelligence tools to determine if the file is malicious.

upvoted 0 times

...

Tequila

2 months ago

Ooh, an empty Word doc spawning PowerShell? Sounds like a classic case of 'Looks can be deceiving.' Gotta go with option C on this one.

upvoted 0 times

...

Earleen

2 months ago

Threat intelligence, huh? I bet the file has some juicy malware that'll make the hackers laugh all the way to the bank. Better contain this before it spreads!

upvoted 0 times

Gwenn

17 days ago

B) Monitor processes as this a standard behavior of Word macro embedded documents.

upvoted 0 times

...

Refugia

1 months ago

C) Contain the threat for further analysis as this is an indication of suspicious activity.

upvoted 0 times

...

Hannah

1 months ago

A) Upload the file signature to threat intelligence tools to determine if the file is malicious.

upvoted 0 times

...

Rashida

2 months ago

Hmm, standard behavior of Word macros? I think not. Something fishy is going on here. Better investigate further!

upvoted 0 times

...

Ashleigh

2 months ago

C'mon, if PowerShell is involved, it's gotta be bad news! Contain that threat, my friend!

upvoted 0 times

Tamar

1 months ago

C) Contain the threat for further analysis as this is an indication of suspicious activity.

upvoted 0 times

...

Jill

1 months ago

A) Upload the file signature to threat intelligence tools to determine if the file is malicious.

upvoted 0 times

...

Luis

1 months ago

C) Contain the threat for further analysis as this is an indication of suspicious activity.

upvoted 0 times

...

Leonie

2 months ago

A) Upload the file signature to threat intelligence tools to determine if the file is malicious.

upvoted 0 times

...

Alonzo

2 months ago

I believe containing the threat for further analysis is also a good idea. We need to be cautious.

upvoted 0 times

...

Kiley

2 months ago

I agree with Andra. It's important to determine if the file is malicious.

upvoted 0 times

...

Andra

2 months ago

I think the engineer should upload the file signature to threat intelligence tools.

upvoted 0 times

...