Free and Premium CertNexus CFR-410 Dumps Questions Answers

Page: 1 / 14
Total 180 questions

CyberSec First Responder (CFR) Exam Questions and Answers

Question 1

Which are successful Disaster Recovery Plan best practices options to be considered? (Choose three.)

Options:

A.

Isolate the services and data as much as possible.

B.

Back up to a NAS device that is attached 24 hours a day, 7 days a week.

C.

Understand which processes are critical to the business and have to run in disaster recovery.

D.

Maintain integrity between primary and secondary deployments.

E.

Store any data elements in the root storage that is used for root access for the workspace.

Question 2

During an audit, an organization's ability to establish key performance indicators for its service hosting solution is discovered to be weak. What could be the cause of this?

Options:

A.

Improper deployment of the Service-Oriented Architecture

B.

Insufficient Service Level Agreement (SLA)

C.

Absence of a Business Intelligence (BI) solution

D.

Inadequate Cost Modeling (CM)

Question 3

When performing a vulnerability assessment from outside the perimeter, which of the following network devices is MOST likely to skew the scan results?

Options:

A.

Access Point

B.

Router

C.

Firewall

D.

IDS

E.

Switch

Question 4

Which of the following plans helps IT security staff detect, respond to, and recover from a cyber attack?

Options:

A.

Data Recovery Plan

B.

Incident Response Plan

C.

Disaster Recovery Plan

D.

Business Impact Plan

Question 5

What allows a company to restore normal business operations in a matter of minutes or seconds?

Options:

A.

Cold site

B.

Warm site

C.

Mobile site

D.

Hot site

Question 6

What is the definition of a security breach?

Options:

A.

An event or series of correlated events that indicate a potential violation of some control or policy.

B.

Unauthorized access that violates the authentication, authorization, and accounting of an information asset through intentional access, destruction, or manipulation of an information asset.

C.

An event or series of uncorrelated events that indicate a potential violation of some control or policy has occurred.

D.

Unauthorized access that violates the confidentiality, integrity, or availability of an information asset in the form of unintentional access, destruction, or manipulation of an information asset.

Question 7

During a log review, an incident responder is attempting to process the proxy server's log files but finds that they are too large to be opened by any file viewer. Which of the following is the MOST appropriate technique to open and analyze these log files?

Options:

A.

Hex editor, searching

B.

tcpdump, indexing

C.

PE Explorer, indexing

D.

Notepad, searching

Question 8

ABC Company uses technical compliance tests to verify that its IT systems are configured according to organizational information security policies, standards, and guidelines. Which two tools and controls can ABC Company use to verify that its IT systems are configured accordingly? (Choose two.)

Options:

A.

Implementing Automated Key Management Procedures

B.

Implementing Automated Human Resource Procedures

C.

Performing Vulnerability Assessments and Penetration Testing

D.

Implementing Baseline Configuration Security Controls

Question 9

Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?

Options:

A.

Securing and evaluating the electronic crime scene

B.

Transporting the evidence to the forensics lab

C.

Packaging the electronic device

D.

Conducting preliminary interviews

Question 10

Tcpdump is a tool that can be used to detect which of the following indicators of compromise?

Options:

A.

Unusual network traffic

B.

Unknown open ports

C.

Poor network performance

D.

Unknown use of protocols

Question 11

An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?

Options:

A.

Internet Message Access Protocol (IMAP)

B.

Network Basic Input/Output System (NetBIOS)

C.

Database

D.

Network Time Protocol (NTP)

Question 12

Which three of the following are included in encryption architecture? (Choose three.)

Options:

A.

Certificate

B.

Encryption keys

C.

Encryption engine

D.

Database encryption

E.

Data

Question 13

To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)

Options:

A.

Changing the default password

B.

Updating the device firmware

C.

Setting up new users

D.

Disabling IPv6

E.

Enabling the firewall

Question 14

Which term best describes an asset's susceptibility to damage or loss due to a threat?

Options:

A.

Exposure

B.

Attack

C.

Breach

D.

Threat

Question 15

Which of the following does the command nmap --open 10.10.10.3 do?

Options:

A.

Execute a scan on a single host, returning only open ports.

B.

Execute a scan on a subnet, returning detailed information on open ports.

C.

Execute a scan on a subnet, returning all hosts with open ports.

D.

Execute a scan on a single host, returning open services.

Question 16

Which service is commonly found on port 3306?

Options:

A.

BitTorrent

B.

MySQL

C.

MS-RPC

D.

Oracle SQL*Net Listener

Question 17

A company website was hacked via the following SQL query:

email, passwd, login_id, full_name FROM members

WHERE email = "attacker@somewhere.com"; DROP TABLE members; --"

Which of the following did the hackers perform?

Options:

A.

Cleared tracks of attacker@somewhere.com entries

B.

Deleted the entire members table

C.

Deleted the email password and login details

D.

Performed a cross-site scripting (XSS) attack

Question 18

Which of the following represents a front-end security capability that addresses cyber resiliency?

Options:

A.

Multi-factor authentication

B.

Immutability of backups

C.

Key management

D.

Physical separation of backups

Question 19

Which of the following describes United States federal government cybersecurity policies and guidelines?

Options:

A.

NIST

B.

ANSI

C.

NERC

D.

GDPR

Question 20

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

Options:

A.

iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT

B.

iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT

C.

iptables -A INPUT -p tcp --dport 25 -j DROP

D.

iptables -A INPUT -p tcp --destination-port 21 -j DROP

E.

iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP

Question 21

A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?

Options:

A.

nbtstat

B.

WinDump

C.

fport

D.

netstat

Question 22

A system administrator identifies unusual network traffic from outside the local network. Which of the following is the BEST method for mitigating the threat?

Options:

A.

Malware scanning

B.

Port blocking

C.

Packet capturing

D.

Content filtering

Question 23

Which of the following is BEST suited to prevent piggybacking into a sensitive or otherwise restricted area of a facility?

Options:

A.

Mantrap

B.

PIN

C.

Biometric controls

D.

ID Card

Question 24

A network administrator has determined that network performance has degraded due to excessive use of social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?

Options:

A.

Whitelisting

B.

Web content filtering

C.

Network segmentation

D.

Blacklisting

Question 25

What are three examples of incident response? (Choose three.)

Options:

A.

Dealing with systems that are suspected to be used to commit a crime

B.

Collecting data from computer media

C.

Dealing with systems suspected to be the victim of a crime

D.

Analyzing a system

E.

Threat Modeling

Question 26

A digital forensics investigation requires analysis of a compromised system's physical memory. Which of the following tools should the forensics analyst use to complete this task?

Options:

A.

Autopsy

B.

FTK

C.

Volatility

D.

Wireshark

E.

CAINE

Question 27

Which of the following backup strategies will result in the shortest backup time during weekdays and use the least amount of storage space but incur the longest restore time?

Options:

A.

Full weekly backup with daily differential backups.

B.

Mirror backups on a daily basis.

C.

Full backups on a daily basis.

D.

Full weekly backup with daily incremental backups.

Question 28

Where are log entries written for auditd in Linux?

Options:

A.

/etc/audit/audit.rules

B.

/var/log/audit/messages

C.

/var/log/audit/audit.log

D.

/var/log/audit.log

E.

/etc/audit/audit.conf

Question 29

Organizations considered “covered entities” are required to adhere to which compliance requirement?

Options:

A.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

B.

Payment Card Industry Data Security Standard (PCI DSS)

C.

Sarbanes-Oxley Act (SOX)

D.

International Organization for Standardization (ISO) 27001

Question 30

When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?

Options:

A.

DNS cache

B.

ARP cache

C.

CAM table

D.

NAT table

Question 31

Which of the following digital forensic goals is being provided with hashing and time-stamping of the electronic evidence?

Options:

A.

Confidentiality

B.

Encryption

C.

Integrity

D.

Availability

E.

Chain of custody

Question 32

While performing routine maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?

Options:

A.

Expanding access

B.

Covering tracks

C.

Scanning

D.

Persistence

Question 33

If an organization suspects criminal activity during the response to an incident, when should they notify law enforcement authorities?

Options:

A.

After one day of network downtime.

B.

According to a pre-defined cost threshold.

C.

As soon as criminal activity is suspected.

D.

After the criminal activity is confirmed.

Question 34

After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?

Options:

A.

Stealth scanning

B.

Xmas scanning

C.

FIN scanning

D.

Port scanning

Question 35

During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?

Options:

A.

Internet Relay Chat (IRC)

B.

Dnscat2

C.

Custom channel

D.

File Transfer Protocol (FTP)

Question 36

A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?

Options:

A.

grep 20151124 security_log | grep -c "login failure"

B.

grep 20150124 security_log | grep "login_failure"

C.

grep 20151124 security_log | grep "login"

D.

grep 20151124 security_log | grep -c "login"

Question 37

A company that maintains a public city infrastructure was breached and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would be the PRIMARY focus of the incident response team?

Options:

A.

Restore service and eliminate the business impact.

B.

Determine effective policy changes.

C.

Inform the company board about the incident.

D.

Contact the city police for official investigation.

Question 38

An organization was recently hit with a ransomware attack that encrypted critical documents and files that were stored on the corporate file server.

Which of the following provides the organization with the BEST chance for recovering their data?

Options:

A.

Application whitelisting

B.

Antivirus software

C.

Paying the ransom

D.

Offsite backups

Question 39

According to SANS, when should an incident retrospective be performed?

Options:

A.

After law enforcement has identified the perpetrators of the attack.

B.

Within six months following the end of the incident.

C.

No later than two weeks from the end of the incident.

D.

Immediately after concluding eradication of the root cause.

Question 40

Which term describes the process of collecting logs from many sources across an IT infrastructure into a single, centralized platform to be reviewed and analyzed?

Options:

A.

Log processing

B.

Log aggregation

C.

Log monitoring

D.

Log normalization

E.

Log correlation

Question 41

A government organization responsible for critical infrastructure is being attacked and files on the server have been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)

Options:

A.

Notifying law enforcement

B.

Notifying the media

C.

Notifying a national computer emergency response team (CERT) or cybersecurity incident response team (CSIRT)

D.

Notifying the relevant vendor

E.

Notifying a mitigation expert

Question 42

Which of the following is a cybersecurity solution for insider threats to strengthen information protection?

Options:

A.

Web proxy

B.

Data loss prevention (DLP)

C.

Anti-malware

D.

Intrusion detection system (IDS)

Question 43

What is baseline security?

Options:

A.

A measurement used when a system changes from its original baseline.

B.

An organization's insecure starting point before fixing any security issues.

C.

An organization's secure starting point after fixing any security issues.

D.

A document stipulating constraints and practices that a user must agree to for access to an organization's network.

Question 44

Which encryption technology was built into Mac OS X?

Options:

A.

VeraCrypt

B.

FileVault

C.

LUKS

D.

BitLocker

Question 45

Vulnerability scanners generally classify vulnerabilities by which of the following? (Choose two.)

Options:

A.

Exploit range

B.

Costs

C.

Severity level

D.

Zero days

E.

Threat modeling

Question 46

An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?

Options:

A.

Password sniffing

B.

Brute force attack

C.

Rainbow tables

D.

Dictionary attack

Question 47

Which answer option is a tactic of social engineering in which an attacker engages in an attack performed by phone?

Options:

A.

Smishing

B.

Pretexting

C.

Vishing

D.

Phishing

Question 48

Which of the following sources is best suited for monitoring threats and vulnerabilities?

Options:

A.

OWASP

B.

CVE

C.

DISA STIG

D.

SANS

Question 49

The statement of applicability (SOA) document forms a fundamental part of which framework?

Options:

A.

Generally Accepted Privacy Principles (GAPP)

B.

HIPAA

C.

NIST Privacy Framework

D.

ISO/IEC 27000 series

Question 50

An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?

Options:

A.

Clear the ARP cache on their system.

B.

Enable port mirroring on the switch.

C.

Filter Wireshark to only show ARP traffic.

D.

Configure the network adapter to promiscuous mode.

Question 51

What are the two most appropriate binary analysis techniques to use in digital forensics analysis? (Choose two.)

Options:

A.

Injection Analysis

B.

Forensic Analysis

C.

Static Analysis

D.

Dynamic Analysis

Question 52

Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)

Options:

A.

Increases browsing speed

B.

Filters unwanted content

C.

Limits direct connection to Internet

D.

Caches frequently-visited websites

E.

Decreases wide area network (WAN) traffic

Question 53

According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?

Options:

A.

3 months

B.

6 months

C.

1 year

D.

5 years

Question 54

After a hacker obtained a shell on a Linux box, the hacker then sends the exfiltrated data via Domain Name System (DNS). This is an example of which type of data exfiltration?

Options:

A.

Covert channels

B.

File sharing services

C.

Steganography

D.

Rogue service
