New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Logical Operations CFR-210 Dumps Questions Answers

Page: 1 / 4
Total 100 questions

Logical Operations CyberSec First Responder Questions and Answers

Question 1

A SOC analyst reviews vendor security bulletins and security blog articles against the company’s deployed system and software base. Based on current attack patterns, three vulnerabilities, including a zero-day vulnerability, have been upgraded to high priority. Which of the following should the SOC analyst recommend? (Choose two.)

Options:

A.

Reboot affected servers

B.

Implement DNS filtering

C.

Update IPS rules

D.

Implement application whitelisting

E.

Patch affected systems

Buy Now
Question 2

An outside organization has reported to the Chief Information Officer (CIO) of a company that it has received attack from a Linux system in the company’s DMZ. Which of the following commands should an incident responder use to review a list of currently running programs on the potentially compromised system?

Options:

A.

task manager

B.

tlist

C.

who

D.

top

Question 3

When perpetrating an attack, there are often a number of phases attackers will undertake, sometimes taking place over a long period of time. Place the following phases in the correct chronological order from first (1) to last (5).

Options:

Question 4

Which of the following protocols can be used for data extension?

Options:

A.

SNMP

B.

DNS

C.

ARP

D.

DHCP

Question 5

An incident responder suspects that a host behind a firewall is infected with malware. Which of the following should the responder use to find the IP address of the infected machine?

Options:

A.

NAT table

B.

ARP cache

C.

DNS cache

D.

CAM cable

Question 6

An incident responder is asked to work with the IT department to address patch management issues with the company servers. Which of the following is the BEST source for the incident responder to obtain the CVEs for the latest industry-recognized patches?

Options:

A.

Vulnerabilities database

B.

Intelligence feeds

C.

Security journals

D.

Security blogs

Question 7

A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?

Options:

A.

Notify the user that their workstation is being confiscated to perform an investigation, providing no details as to the reasoning.

B.

Confiscate the workstation while the suspected employee is out of the office, andperform a search on the asset.

C.

Confiscate the workstation while the suspected employee is out of the office, and perform the search on bit-for-bit image of the hard drive.

D.

Notify the user that the workstation is being confiscated to perform an investigation, providing complete transparency as to the suspicions.

Question 8

Drag and drop the following steps to perform a successful social engineering attack in the correct order, from first (1) to last (6).

Options:

Question 9

A DMZ web server has been compromised. During the log review, the incident responder wants to parse all common internal Class A addresses from the log. Which of the following commands should the responder use to accomplish this?

Options:

A.

grep –x”(10.[0-9]+.[0-9]+.[0-9]+)” etc/rc.d/apache2/access.log | output.txt

B.

grep –x”(192.168.[0.9]+[0-9])” bin/apache2/access.log | output.txt

C.

grep –v”(10.[0-9]+.[0-9]+.[0-9]+)” /var/log/apache2/access.log > output.txt

D.

grep –v”(192.168.[0.9]+[0-9]+)” /var/log/apache2/access.log > output.txt

Question 10

Network engineering has reported low bandwidth during working hours. The incident response team is currently investigating several anomalous activities that may be related. Which of the following is the MOST appropriate method to further investigate this problem?

Options:

A.

Collecting and analyzing computer logs

B.

Imaging hard disk drives of computers on the network

C.

Capturing network traffic and packet analysis

D.

Penetration testing and port scanning

Question 11

An organization’s firewall has recently been bombarded with an excessive amount of failed requests. A security analyst has been tasked with providing metrics on any failed attempts to ports above 1000. Which of the following regular expressions will work BEST to identify an IP address with the desired port range?

Options:

A.

/\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):({4,5}\d+)\b/

B.

/\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):([4]\D+)\b/

C.

/\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):([4]\d+)\b/

D.

/\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5})\b/

Question 12

Which of the following technologies is used as mitigation to XSS attacks?

Options:

A.

Intrusion prevention

B.

Proxy filtering

C.

Web application firewall

D.

Intrusion detection

Question 13

A security analyst would like to parse through several SQL logs for indicators of compromise. The analyst is aware that none of the fields should contain a string of text longer than 30 characters; however, the analyst is unaware if there are any implemented controls to prevent such an overflow. Which of the following BEST describes the regular expression the analyst should use to find any alphanumeric character string?

Options:

A.

/^[a-zA-Z0-9]{5,30}$/

B.

/^[a-zA-Z-9]{30}$/

C.

/^[a-zA-Z]{5,30}$/

D.

/^[a-Z0-9]{5,30}$/

Question 14

An organization performs regular updates to its network devices to alert and prevent access to streaming media sites by the employees. Each device will send logs and alerts to a centralized server for storage, archive, and analysis. Which of the following BEST describes the system that is correlating the data found in all alerts and logs?

Options:

A.

SIEM

B.

NIDS

C.

HIPS

D.

WIPS

Question 15

A security analyst discovers a zero-day vulnerability affecting Windows, which has not been publicly identified. The security analyst assumes this vulnerability is present on millions of computer system and feels an obligation to share this information with other security professionals. Which of the following would be the MOST adverse consequences of the analyst sharing this information?

Options:

A.

Public exposure of the vulnerability, including to potential attackers

B.

Unexpected media coverage of the discovery

C.

Potential distribution of misinformation

D.

Possible legal consequences for the analyst

Page: 1 / 4
Total 100 questions