Logical Operations CFR-210 Logical Operations CyberSec First Responder Exam Practice Test

Page: 1 / 10
Total 100 questions

Logical Operations CyberSec First Responder Questions and Answers

Question 1

A system administrator needs to analyze a PCAP file on a Linux workstation where the use of GUI-based applications is restricted. Which of the following command line tools can the administrator use to analyze the PCAP?

Options:

A. nfdump
B. cryptcat
C. tshark
D. netstat

Question 2

An organization’s public information website has been defaced. The incident response team is actively engaged in the following actions:

- Installing patches on the web server
- Turning off unnecessary services on the web server
- Adding new ACL rules to the WAF
- Changing all passwords on web server accounts

Which of the following incident response phases is the team MOST likely conducting?

Options:

A. Respond
B. Recover
C. Contain
D. Identify

Question 3

A suspicious laptop is found in a datacenter. The laptop is on and processing data, although there is no application open on the screen. Which of the following BEST describes a Windows tool and technique that an investigator should use to analyze the laptop’s RAM for working applications?

Options:

A. Net start and Network analysis
B. Regedit and Registry analysis
C. Task manager and Application analysis
D. Volatility and Memory analysis

Question 4

A system administrator is informed that a user received an email containing a suspicious attachment. Which of the following methods is the FASTEST way to determine whether the file is suspicious or not?

Options:

A. Reverse engineering
B. Virus scanning
C. Virtualization
D. Sandboxing

Question 5

An organization’s firewall has recently been bombarded with an excessive amount of failed requests. A security analyst has been tasked with providing metrics on any failed attempts to ports above 1000. Which of the following regular expressions will work BEST to identify an IP address with the desired port range?

Options:

A. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):({4,5}\d+)\b/
B. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):([4]\D+)\b/
C. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):([4]\d+)\b/
D. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5})\b/

Question 6

Malicious code that can replicate itself using various techniques is referred to as a:

Options:

A. downloader
B. rootkit
C. launcher
D. worm

Question 7

A security analyst discovers a zero-day vulnerability affecting Windows, which has not been publicly identified. The security analyst assumes this vulnerability is present on millions of computer systems and feels an obligation to share this information with other security professionals. Which of the following would be the MOST adverse consequence of the analyst sharing this information?

Options:

A. Public exposure of the vulnerability, including to potential attackers
B. Unexpected media coverage of the discovery
C. Potential distribution of misinformation
D. Possible legal consequences for the analyst

Question 8

Which of the following types of logs is shown below, and what can be discerned from its contents?

2015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:35 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:35 reject UDP 123.56.71.145 192.141.173.72 1234 80

Options:

A. Firewall log showing a possible web server attack
B. Proxy log showing a possible DoS attack
C. Firewall log showing a possible DoS attack
D. Proxy log showing a possible web server attack

Question 9

A hacker’s end goal is to target the Chief Financial Officer (CFO) of a bank. Which of the following describes this social engineering tactic?

Options:

A. Vishing
B. Pharming
C. Spear phishing
D. Whaling

Question 10

To redact or obfuscate sensitive data, a company requires that its name be changed throughout a post-incident report. Using a Linux sed command, which of the following will replace the company’s name with “Acme”?

Options:

A. /Orange/Acme/g
B. s/Acme/Orange/g
C. /Acme/Orange/g
D. s/Orange/Acme/g

Question 11

An attacker has exfiltrated the SAM file from a Windows workstation. Which of the following attacks is MOST likely being perpetrated?

Options:

A. User enumeration
B. Brute forcing
C. Password sniffing
D. Hijacking/rooting

Question 12

A file is discovered in the /etc directory of an internal server by an automated file integrity checker. A security analyst determines the file is a bash script. The contents are as follows:

---
#!/bin/bash
IFS=:
[[ -f /etc/passwd ]] && cat /etc/passwd |
while read a b c d e f g
do
echo "$e ($a)"
done
---

Which of the following was the author of the script attempting to gather?

Options:

A. Home directory and shell
B. Username and password hash
C. User’s name and username
D. UID and GID

Question 13

An administrator wants to block Java exploits that were not detected by the organization’s antivirus product. Which of the following mitigation methods should an incident responder perform? (Choose two.)

Options:

A. Utilize DNS filtering
B. Send binary to AV vendor for analysis
C. Create a custom IPS signature
D. Implement an ACL
E. Block the port on the firewall

Question 14

Which of the following could an attacker use to perpetrate a social engineering attack? (Choose two.)

Options:

A. Keylogger
B. Yagi
C. Company uniform
D. Backdoor
E. Phone call

Question 15

A UNIX workstation has been compromised. The security analyst discovers high CPU usage during off-hours on the workstation. Which of the following UNIX programs can be used to detect the rogue process? (Choose two.)

Options:

A. arp
B. ps
C. who
D. dd
E. top
