
CFR-410 CyberSec First Responder Questions and Answers

Questions 4

A security investigator has detected an unauthorized insider reviewing files containing company secrets.

Which of the following commands could the investigator use to determine which files have been opened by this user?

Options:

A. ls
B. lsof
C. ps
D. netstat

Questions 5

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

Options:

A. iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
B. iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT
C. iptables -A INPUT -p tcp --dport 25 -j DROP
D. iptables -A INPUT -p tcp --destination-port 21 -j DROP
E. iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP

Questions 6

A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the ~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:

“You seem tense. Take a deep breath and relax!”

The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:\Temp\chill.exe:

Powershell.exe -Command "do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c "You seem tense. Take a deep breath and relax!");Start-Sleep -s 900) } while(1)"

Which of the following BEST represents what the attacker was trying to accomplish?

Options:

A. Taunt the user and then trigger a shutdown every 15 minutes.
B. Taunt the user and then trigger a reboot every 15 minutes.
C. Taunt the user and then trigger a shutdown every 900 minutes.
D. Taunt the user and then trigger a reboot every 900 minutes.

Questions 7

While performing routine maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?

Options:

A. Expanding access
B. Covering tracks
C. Scanning
D. Persistence

Questions 8

A system administrator identifies unusual network traffic from outside the local network. Which of the following is the BEST method for mitigating the threat?

Options:

A. Malware scanning
B. Port blocking
C. Packet capturing
D. Content filtering

Questions 9

An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?

Options:

A. Data loss prevention (DLP)
B. Firewall
C. Web proxy
D. File integrity monitoring

Questions 10

Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)

Options:

A. Disk duplicator
B. EnCase
C. dd
D. Forensic Toolkit (FTK)
E. Write blocker

Questions 11

When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?

Options:

A. Browser logs
B. HTTP logs
C. System logs
D. Proxy logs

Questions 12

An automatic vulnerability scan has been performed. Which is the next step of the vulnerability assessment process?

Options:

A. Hardening the infrastructure
B. Documenting exceptions
C. Assessing identified exposures
D. Generating reports

Questions 13

Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?

Options:

A. Generating reports
B. Establishing scope
C. Conducting an audit
D. Assessing exposures

Questions 14

When performing an investigation, a security analyst needs to extract information from text files in a Windows operating system. Which of the following commands should the security analyst use?

Options:

A. findstr
B. grep
C. awk
D. sigverif

Questions 15

Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

Options:

A. Evidence bags
B. Lock box
C. Caution tape
D. Security envelope
E. Secure rooms
F. Faraday boxes

Exam Code: CFR-410
Exam Name: CyberSec First Responder
Last Update: Dec 20, 2024
Questions: 100
