Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

300-215 by Cisco - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

An employee receives an email from a "trusted" person containing a hyperlink that is malvertising. The employee clicks the link and the malware downloads. An information analyst observes an alert at the SIEM and engages the cybersecurity team to conduct an analysis of this incident in accordance with the incident response plan. Which event detail should be included in this root cause analysis?

A phishing email sent to the victim
B alarm raised by the SIEM
C information from the email header
D alert identified by the cybersecurity team

Question 4

Refer to the exhibit. An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream?

Question Image

A It is redirecting to a malicious phishing website,
B It is exploiting redirect vulnerability
C It is requesting authentication on the user site.
D It is sharing access to files and printers.

Question 5

Which magic byte indicates that an analyzed file is a pdf file?

A cGRmZmlsZQ
B 706466666
C 255044462d
D 0a0ah4cg

Question 6

Refer to the exhibit. What should be determined from this Apache log?

Question Image

A A module named mod_ssl is needed to make SSL connections.
B The private key does not match with the SSL certificate.
C The certificate file has been maliciously modified
D The SSL traffic setup is improper

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 2 • Questions 1-25 of 29

1 2

→

Know a question that should be here? Contribute to this exam

Refer to the exhibit. What should an engineer determine from this Wireshark capture of suspicious network traffic?

Question Image

A There are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.
B There are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.
C There are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.
D There are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to-MAC address mappings as a countermeasure.

Refer to the exhibit. What should an engineer determine from this Wireshark capture of suspicious network traffic?

Question Image

A There are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.
B There are signs of a malformed packet attack, and the engineer should limit the packet size and set a threshold of bytes as a countermeasure.
C There are signs of a DNS attack, and the engineer should hide the BIND version and restrict zone transfers as a countermeasure.
D There are signs of ARP spoofing, and the engineer should use Static ARP entries and IP address-to-MAC address mappings as a countermeasure.

300-215Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

That's the end of the Preview