New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

CFR-210 Logical Operations CyberSec First Responder Questions and Answers

Questions 4

An incident responder is asked to create a disk image of a compromised Linux server. Which of the following commands should be used to do this?

Options:

A.

dd

B.

Isof

C.

gzip

D.

fdisk

E.

mbr

Buy Now
Questions 5

During a malware outbreak, a security analyst has been asked to capture network traffic in hourly increments for analysis by the incident response team. Which of the following tcpdump commands would generate hourly pcap files?

Options:

A.

tcpdump –nn –i eth0 –w output.pcap –C 100 –W 10

B.

tcpdump –nn –i eth0 –w output.pcap –W 24

C.

tcpdump –nn –i eth0 –w output.pcap –G 3600 –W 14

D.

tcpdump –nn –i eth0 –w output.pcap

Buy Now
Questions 6

The above Linux command is used to search for:

Options:

A.

MAC addresses.

B.

memory addresses.

C.

IPv4 addresses.

D.

IPv6 addresses.

Buy Now
Questions 7

While a network administrator is monitoring the company network, an unknown local IP address is starting to release high volumes of anonymous traffic to an unknown external IP address. Which of the following would indicate to the network administrator potential compromise?

Options:

A.

Packet losses

B.

Excessive bandwidth usage

C.

Service disruption

D.

Off-hours usage

Buy Now
Questions 8

A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?

Options:

A.

Notify the user that their workstation is being confiscated to perform an investigation, providing no details as to the reasoning.

B.

Confiscate the workstation while the suspected employee is out of the office, andperform a search on the asset.

C.

Confiscate the workstation while the suspected employee is out of the office, and perform the search on bit-for-bit image of the hard drive.

D.

Notify the user that the workstation is being confiscated to perform an investigation, providing complete transparency as to the suspicions.

Buy Now
Questions 9

An organization’s public information website has been defaced. The incident response team is actively engaged in the following actions:

- Installing patches on the web server

- Turning off unnecessary services on web server

- Adding new ACL rules to the WAF

- Changing all passwords on web server accounts

Which of the following incident response phases is the team MOST likely conducting?

Options:

A.

Respond

B.

Recover

C.

Contain

D.

Identify

Buy Now
Questions 10

A suspicious laptop is found in a datacenter. The laptop is on and processing data, although there is no application open on the screen. Which of the following BEST describes a Windows tool and technique that an investigator should use to analyze the laptop’s RAM for working applications?

Options:

A.

Net start and Network analysis

B.

Regedit and Registry analysis

C.

Task manager and Application analysis

D.

Volatility and Memory analysis

Buy Now
Questions 11

An attacker performs reconnaissance on a Chief Executive Officer (CEO) using publicity available resources to gain access to the CEO’s office. The attacker was in the CEO’s office for less than five minutes, and the attack left no traces in any logs, nor was there any readily identifiable cause for the exploit. The attacker in then able to use numerous credentials belonging to the CEO to conduct a variety of further attacks. Which of the following types of exploit is described?

Options:

A.

Pivoting

B.

Malicious linking

C.

Whaling

D.

Keylogging

Buy Now
Questions 12

Which of the following could an attacker use to perpetrate a social engineering attack? (Choose two.)

Options:

A.

Keylogger

B.

Yagi

C.

Company uniform

D.

Blackdoor

E.

Phone call

Buy Now
Questions 13

Which of the following tools can be used to identify open ports and services?

Options:

A.

netstat

B.

tcpdump

C.

nmap

D.

recon-ng

Buy Now
Questions 14

Which of the following are reasons that a hacker would execute a DoS or a DDoS attack? (Choose two.)

Options:

A.

To determine network bandwidth

B.

To distract the incident response team

C.

To distract the remediation team

D.

To promote business operations

E.

To compromise a system and reuse the IP address

Buy Now
Questions 15

When perpetrating an attack, there are often a number of phases attackers will undertake, sometimes taking place over a long period of time. Place the following phases in the correct chronological order from first (1) to last (5).

Options:

Buy Now
Exam Code: CFR-210
Exam Name: Logical Operations CyberSec First Responder
Last Update: Dec 27, 2024
Questions: 100
CFR-210 pdf

CFR-210 PDF

$25.5  $84.99
CFR-210 Engine

CFR-210 Testing Engine

$30  $99.99
CFR-210 PDF + Engine

CFR-210 PDF + Testing Engine

$40.5  $134.99