Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 115
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post-infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
Answer options
- A. signatures
- B. host IP addresses
- C. file size
- D. dropped files
- E. domain names
Correct answer: B, E
Explanation
To investigate the outbound callouts, knowing the host IP addresses (B) is crucial for identifying the originating machines, and domain names (E) help to determine where the calls were directed. The other options, such as signatures (A), file size (C), and dropped files (D), do not provide direct information related to the outbound connections.