New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CertNexus CFR-410 CyberSec First Responder Exam Practice Test

Demo: 15 questions
Total 100 questions

CyberSec First Responder Questions and Answers

Question 1

A cybersecurity expert assigned to be the IT manager of a middle-sized company discovers that there is little endpoint security implementation on the company’s systems. Which of the following could be included in an endpoint security solution? (Choose two.)

Options:

A.

Web proxy

B.

Network monitoring system

C.

Data loss prevention (DLP)

D.

Anti-malware

E.

Network Address Translation (NAT)

Question 2

Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are

MOST important for log integrity? (Choose two.)

Options:

A.

Hash value

B.

Time stamp

C.

Log type

D.

Modified date/time

E.

Log path

Question 3

Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)

Options:

A.

Default port state

B.

Default credentials

C.

Default protocols

D.

Default encryption

E.

Default IP address

Question 4

A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)

Options:

A.

NetFlow logs

B.

Web server logs

C.

Domain controller logs

D.

Proxy logs

E.

FTP logs

Question 5

A common formula used to calculate risk is:+ Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?

Options:

A.

Exploits

B.

Security

C.

Asset

D.

Probability

Question 6

A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST

likely used by the analyst for the initial discovery?

Options:

A.

syslog

B.

MSConfig

C.

Event Viewer

D.

Process Monitor

Question 7

An incident handler is assigned to initiate an incident response for a complex network that has been affected

by malware. Which of the following actions should be taken FIRST?

Options:

A.

Make an incident response plan.

B.

Prepare incident response tools.

C.

Isolate devices from the network.

D.

Capture network traffic for analysis.

Question 8

A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?

Options:

A.

# tcpdump -i eth0 host 88.143.12.123

B.

# tcpdump -i eth0 dst 88.143.12.123

C.

# tcpdump -i eth0 host 192.168.10.121

D.

# tcpdump -i eth0 src 88.143.12.123

Question 9

Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?

Options:

A.

Dictionary attack

B.

Password guessing

C.

Brute force attack

D.

Rainbow tables

Question 10

During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?

Options:

A.

Reconnaissance

B.

Scanning

C.

Gaining access

D.

Persistence

Question 11

A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?

Options:

A.

tr -d

B.

uniq -c

C.

wc -m

D.

grep -c

Question 12

After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?

Options:

A.

md5sum

B.

sha256sum

C.

md5deep

D.

hashdeep

Question 13

An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After

reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?

Options:

A.

Clear the ARP cache on their system.

B.

Enable port mirroring on the switch.

C.

Filter Wireshark to only show ARP traffic.

D.

Configure the network adapter to promiscuous mode.

Question 14

Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)

Options:

A.

Disk duplicator

B.

EnCase

C.

dd

D.

Forensic Toolkit (FTK)

E.

Write blocker

Question 15

According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?

Options:

A.

3 months

B.

6 months

C.

1 year

D.

5 years

Demo: 15 questions
Total 100 questions