Cisco Exam 300-215 Topic 4 Question 59 Discussion

Actual exam question for Cisco's 300-215 exam

Question #: 59
Topic #: 4

An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis process. Which two actions should the engineer take? (Choose two.)

ARestore to a system recovery point.

BReplace the faulty CPU.

CDisconnect from the network.

DFormat the workstation drives.

ETake an image of the workstation.

Show Suggested Answer

Suggested Answer: C

by Kerry at Jul 05, 2023, 09:21 PM

Limited Time Offer

25%

Off

Get Premium 300-215 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Vanna

1 months ago

Ah, the classic malware mystery! C and E are the clear winners here. Isolate the system and preserve the evidence. Now, if only I could use this as an excuse to upgrade the poor user's workstation. 'Sorry, ma'am, your computer is just too infected to be saved. Time for a new one!'

upvoted 0 times

Elke

4 days ago

E) Restore to a system recovery point.

upvoted 0 times

...

Francine

5 days ago

D) Format the workstation drives.

upvoted 0 times

...

Launa

9 days ago

C) Replace the faulty CPU.

upvoted 0 times

...

Zena

12 days ago

B) Take an image of the workstation.

upvoted 0 times

...

Avery

16 days ago

User 1: Definitely agree with you on that! C and E are the best course of action in this situation.

upvoted 0 times

...

Lashandra

1 months ago

A) Disconnect from the network.

upvoted 0 times

...

Darrin

2 months ago

Definitely C and E. Disconnecting the network is a must to stop the bleeding, and an image is essential for a thorough investigation. Although, I have to say, I'm a little disappointed they didn't include 'Send the workstation to the IT team's secret lair for further examination' as an option.

upvoted 0 times

Emilio

1 months ago

I agree, those are the best options given the situation.

upvoted 0 times

...

Emilio

1 months ago

E) Take an image of the workstation.

upvoted 0 times

...

Emilio

1 months ago

C) Disconnect from the network.

upvoted 0 times

...

James

2 months ago

I would also suggest restoring to a system recovery point before taking any further actions. It might help in identifying the root cause of the issue.

upvoted 0 times

...

Natalie

2 months ago

I agree with Callie. Disconnecting from the network will stop the unknown outgoing traffic, and taking an image will help with analysis.

upvoted 0 times

...

Allene

2 months ago

I'm leaning towards C and E as well. Cutting off the network access is crucial to prevent further damage, and creating an image will be super helpful for the forensic analysis. Just don't forget to send that image to your favorite cybersecurity expert for a detailed review!

upvoted 0 times

Willetta

1 months ago

E) Take an image of the workstation.

upvoted 0 times

...

Gladys

1 months ago

C) Disconnect from the network.

upvoted 0 times

...

Callie

2 months ago

I think the engineer should disconnect from the network and take an image of the workstation.

upvoted 0 times

...

Francisca

2 months ago

I believe restoring to a system recovery point could help in this situation as well.

upvoted 0 times

...

Jettie

2 months ago

Hmm, I think C and E are the way to go. Disconnect the network to isolate the issue, and take an image of the workstation to investigate further. Gotta love a good old-fashioned malware hunt!

upvoted 0 times