
Practice Cisco 300-220 Exam Questions

    1. Page: 1/12
      Total 60 Questions
    Question No 1
    What is the classification of the pass-the-hash technique according to the MITRE ATT&CK framework?
    Choose the Choices:


    Question No 2
    Refer to the exhibit.



    A forensic team must investigate how the company website was defaced. The team isolates the web server, clones the disk, and analyzes the logs. Which technique was used by the attacker initially to access the website?
    Choose the Choices:


    Question No 3
    The security team detects an alert regarding a potentially malicious file named Financial_Data_526280622.pdf downloaded by a user. Upon reviewing SIEM logs and Cisco Secure Endpoint, the team confirms that the file was obtained from an untrusted website. The hash analysis of the file returns an unknown status. Which action must be done next?
    Choose the Choices:


    Question No 4
    A security team wants to create a plan to protect companies from lateral movement attacks. The team already implemented detection alerts for pass-the-hash and pass-the-ticket techniques. Which two components must be monitored to hunt for lateral movement attacks on endpoints? (Choose two.)
    Choose the Choices:


    Question No 5
    The SOC team receives an alert about a user sign-in from an unusual country. After investigating the SIEM logs, the team confirms the user never signed in from that country. The incident is reported to the IT administrator who resets the user's password. Which threat hunting phase was initially used?
    Choose the Choices:


