Question 10 of 32 from exam 300-215-CBRFIR: Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps

Prev Question Next Question

Question

$Drive type Fixed (Hard disk) Drive serial number 1CBDB2C4 Full path C:\Windows\System32\WIndowsPowerShelliv1 O\powershell.exe NetBIOS name user-pc ‘Lok file name ‘ds7002 pdf Relative path \L\.\..\\Windows\System32\WindowsPowerShell\v1 O\powershell.exe Aiginnts “noni —ep bypass $zk = ; ‘JHBOZ3Q9MHgwMDA 1ZTJiZTskdmNxPTB4MDAWNiIZYjY 7. Target file size (bytes) 452608 Droid volume c59b0b22-7202-4410-b323-894349c1d75b Birth droid volume c59b0b22-7202-44 10-b323-894349c1d75b Droid file bf069f66-8be6-1 1 e6-b3d9-0800279224e5 Birth droid file bf069f66-8be6-1 1e6-b3d9-0800279224e5, File attribute The file or directory is an archive file Target file access time (utc) 13.07.2009 23:32:37 Tempel tae creation te: |'95:97:200923:32:37 (uTC) Target file modification time (UTC) 14.07.2009 1:14:24 HasTargetidList, HasLinkinfo, HasName, HasRelativePath, HasArguments, Header flags ifasice MAC vendor Cadmus Computer Systems My Target path ComputeriC:\Windows\System32\WindowsPowerShellivt O\powershell exe Target MFT entry number Ox7E21$

Refer to the exhibit.

An engineer is analyzing a .LNK (shortcut) file recently received as an email attachment and blocked by email security as suspicious.

What is the next step an engineer should take?

Answers

A. Delete the suspicious email with the attachment as the file is a shortcut extension and does not represent any threat.

B. Upload the file to a virus checking engine to compare with well-known viruses as the file is a virus disguised as a legitimate extension.

C. Quarantine the file within the endpoint antivirus solution as the file is a ransomware which will encrypt the documents of a victim.

D. Open the file in a sandbox environment for further behavioral analysis as the file contains a malicious script that runs on execution.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question