
Logical Operations CFR-210 Logical Operations CyberSec First Responder Exam Practice Test

Demo: 15 questions
Total 100 questions

Logical Operations CyberSec First Responder Questions and Answers

Question 1

A Windows system user reports seeing a command prompt window pop up briefly during each login. In which of the following locations would an incident responder check to explain this activity?

Options:

A.

rc.d

B.

HKLM “RunOnce” key

C.

c:\temp

D.

/etc/init.d/

Question 2

Which of the following commands should be used to print out ONLY the second column of items in the following file?

Source_File.txt

Alpha Whiskey

Bravo Tango

Charlie Foxtrot

Echo Oscar

Delta Roger

Options:

A.

cut -d " " -f2 source_file.txt

B.

cut -b7-15 source_file.txt

C.

cut -d " " -f2 Source_File.txt

D.

cut -c6-12 Source_File.txt

Question 3

An administrator wants to block Java exploits that were not detected by the organization’s antivirus product. Which of the following mitigation methods should an incident responder perform? (Choose two.)

Options:

A.

Utilize DNS filtering

B.

Send binary to AV vendor for analysis

C.

Create a custom IPS signature

D.

Implement an ACL

E.

Block the port on the firewall

Question 4

An incident responder suspects that a host behind a firewall is infected with malware. Which of the following should the responder use to find the IP address of the infected machine?

Options:

A.

NAT table

B.

ARP cache

C.

DNS cache

D.

CAM table

Question 5

Customers are reporting issues connecting to a company’s Internet server. Which of the following device logs should a technician review in order to help identify the issue?

Options:

A.

WIPS

B.

SSH

C.

WAP

D.

WAF

Question 6

Which of the following resources BEST supports malware analysis?

Options:

A.

Internet service providers

B.

Government websites

C.

Crowdsourced intelligence feed

D.

Internal network management team

Question 7

When determining which threats/vulnerabilities to mitigate, it is important to identify which are applicable. Which of the following is the FIRST step to determine applicability?

Options:

A.

Review online vulnerability database

B.

Limit and control network ports, protocols, and services.

C.

Continuously assess and remediate vulnerabilities.

D.

Conduct an assessment of the system infrastructure.

Question 8

A security analyst for a financial services firm is monitoring blogs and reads about a zero-day vulnerability being exploited by a little-known group of hackers. The analyst wishes to independently validate and corroborate the blog’s posting. Which of the following sources of information will provide the MOST credible supporting threat intelligence in this situation?

Options:

A.

Similar cybersecurity blogs

B.

Threat intelligence sharing groups

C.

Computer emergency response team press release

D.

Internet searches on zero-day exploits

Question 9

The above Linux command is used to search for:

Options:

A.

MAC addresses.

B.

memory addresses.

C.

IPv4 addresses.

D.

IPv6 addresses.

Question 10

A security analyst discovers a zero-day vulnerability affecting Windows, which has not been publicly identified. The security analyst assumes this vulnerability is present on millions of computer systems and feels an obligation to share this information with other security professionals. Which of the following would be the MOST adverse consequence of the analyst sharing this information?

Options:

A.

Public exposure of the vulnerability, including to potential attackers

B.

Unexpected media coverage of the discovery

C.

Potential distribution of misinformation

D.

Possible legal consequences for the analyst

Question 11

Organizations should exercise their Incident Response (IR) plan following initial creation. The primary objective for this first IR plan exercise is to identify:

Options:

A.

deficiencies in cyber security incident response team skills.

B.

gaps or overlaps in supporting processes and procedures.

C.

critical steps required in the case of an incident.

D.

capabilities required to improve response time.

Question 12

An alert on user account activity outside of normal business hours returns Windows event IDs 540 and 4624. In which of the following locations will these events be found?

Options:

A.

Application event log

B.

System event log

C.

Setup event log

D.

Security event log

Question 13

A malicious actor sends a crafted email to the office manager using personal information collected from social media. This type of social engineering attack is known as:

Options:

A.

spear phishing

B.

vishing

C.

phishing

D.

whaling

Question 14

Which of the following is the reason that out-of-band communication is used during a security incident?

Options:

A.

The SMTP server may be compromised.

B.

The incident response systems may be busy.

C.

Other communication methods are unreliable.

D.

An attacker could be monitoring network traffic.

Question 15

During an investigation on a Windows 10 system, a system administrator needs to analyze Windows event logs related to CD/DVD-burning activities. In which of the following paths will the system administrator find these logs?

Options:

A.

\Windows\Systems32\winevt\logs\System.evt

B.

\Windows\System32\winevt\Logs\System.evtx

C.

\Windows\Systems\winevt\Evtlogs\System.evtx

D.

\Windows\System\winevt\Logs\System.evt
