Pre-Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A security team is notified from a Cisco ESA solution that an employee received an...

Cisco 300-215 Full Course Access
Cisco 300-215 View All Questions

A security team is notified from a Cisco ESA solution that an employee received an advertising email with an attached .pdf extension file. The employee opened the attachment, which appeared to be an empty document. The security analyst cannot identify clear signs of compromise but reviews running processes and determines that PowerShell.exe was spawned by CMD.exe with a grandparent AcroRd32.exe process. Which two actions should be taken to resolve this issue? (Choose two.)

A.

Upload the .pdf file to Cisco Threat Grid and analyze suspicious activity in depth.

B.

No action is required because this behavior is standard for .pdf files.

C.

Check the Windows Event Viewer for security logs about the incident.

D.

Quarantine this workstation for further investigation, as this event is an indication of suspicious activity.

E.

Investigate the reputation of the sender address and temporarily block all communications with this email domain.

300-215 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now 300-215 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
Refer to the exhibit.
A cybersecurity analyst detects fileless malware activity on secure endpoints.
Previous