

CFR-210 Logical Operations CyberSec First Responder Question and Answers

Question # 4

A security analyst for a financial services firm is monitoring blogs and reads about a zero-day vulnerability being exploited by a little-known group of hackers. The analyst wishes to independently validate and corroborate the blog’s posting. Which of the following sources of information will provide the MOST credible supporting threat intelligence in this situation?

A. Similar cybersecurity blogs
B. Threat intelligence sharing groups
C. Computer emergency response team press release
D. Internet searches on zero-day exploits

Question # 5

Customers are reporting issues connecting to a company’s Internet server. Which of the following device logs should a technician review in order to help identify the issue?

A. WIPS
B. SSH
C. WAP
D. WAF

Question # 6

When investigating a wireless attack, which of the following can be obtained from the DHCP server?

A. MAC address of the attacker
B. Operating system of the attacker
C. IP traffic between the attacker and victim
D. Effectiveness of the VLAN terminator

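
What the DHCP server can actually give an investigator is a lease history: which client hardware (MAC) address was assigned which IP address, and when. The script below is an added example, not part of the original question set or any vendor material: it parses ISC dhcpd-style syslog lines (the log text is constructed for the example, and the year is assumed because syslog timestamps carry none) and answers "which MAC held this IP at this time", treating a DHCPRELEASE as the end of a lease so that a query during the gap between two leases does not misattribute the address.

```python
import re
from datetime import datetime

YEAR = 2024  # assumption: syslog lines carry no year

# Constructed sample of ISC dhcpd syslog output (not captured from a real server).
# The same address 10.0.20.77 is released and then handed to a different client.
SAMPLE_DHCP_LOG = """\
Mar 12 09:58:11 gw dhcpd[2211]: DHCPACK on 10.0.20.45 to 3c:52:82:11:aa:01 (laptop-jdoe) via wlan0
Mar 12 10:02:40 gw dhcpd[2211]: DHCPACK on 10.0.20.77 to b8:27:eb:44:cd:9f via wlan0
Mar 12 10:14:03 gw dhcpd[2211]: DHCPREQUEST for 10.0.20.77 from b8:27:eb:44:cd:9f via wlan0
Mar 12 10:14:03 gw dhcpd[2211]: DHCPACK on 10.0.20.77 to b8:27:eb:44:cd:9f via wlan0
Mar 12 11:30:55 gw dhcpd[2211]: DHCPRELEASE of 10.0.20.77 from b8:27:eb:44:cd:9f via wlan0 (found)
Mar 12 11:31:20 gw dhcpd[2211]: DHCPACK on 10.0.20.77 to 00:1a:2b:3c:4d:5e (guest-phone) via wlan0
"""

# Only DHCPACK (lease granted/renewed) and DHCPRELEASE (lease given up) matter for
# attribution; DHCPDISCOVER/OFFER/REQUEST lines are skipped by the parser.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dhcpd\[\d+\]: "
    r"(?:DHCPACK on (?P<ack_ip>\S+) to (?P<ack_mac>\S+)(?: \((?P<host>[^)]*)\))?"
    r"|DHCPRELEASE of (?P<rel_ip>\S+) from (?P<rel_mac>\S+)) via (?P<iface>\S+)"
)


def at(text):
    """Parse a syslog-style timestamp such as 'Mar 12 10:30:00' (year assumed)."""
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse_lease_events(log_text):
    """Return ack/release events in file order; unrelated lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        is_ack = m["ack_ip"] is not None
        events.append({
            "ts": at(m["ts"]),
            "kind": "ack" if is_ack else "release",
            "ip": m["ack_ip"] if is_ack else m["rel_ip"],
            "mac": m["ack_mac"] if is_ack else m["rel_mac"],
            "host": m["host"],      # client-supplied hostname, may be absent
            "iface": m["iface"],
        })
    return events


def holder_of(events, ip, when):
    """MAC that held `ip` at `when`, or None if no lease was active then.

    The most recent event at or before `when` decides: an ACK means the lease
    was live, a RELEASE means the address was free until the next ACK.
    """
    latest = None
    for e in events:
        if e["ip"] == ip and e["ts"] <= when:
            if latest is None or e["ts"] >= latest["ts"]:
                latest = e
    if latest is None or latest["kind"] == "release":
        return None
    return latest["mac"]


if __name__ == "__main__":
    events = parse_lease_events(SAMPLE_DHCP_LOG)
    for stamp in ("Mar 12 10:30:00", "Mar 12 11:31:00", "Mar 12 11:45:00"):
        print(stamp, "10.0.20.77 ->", holder_of(events, "10.0.20.77", at(stamp)))
```

Two caveats a responder should keep in mind: the MAC address and hostname in these records are supplied by the client and are trivially spoofed, so the DHCP log is a pivot point (to switch port tables or wireless controller association logs) rather than proof of identity; and the log only shows the assignment, not the traffic the client sent, which is why option C cannot come from the DHCP server.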
Question # 7

A malicious actor sends a crafted email to the office manager using personal information collected from social media. This type of social engineering attack is known as:

A. spear phishing
B. vishing
C. phishing
D. whaling

Question # 8

When perpetrating an attack, there are often a number of phases attackers will undertake, sometimes taking place over a long period of time. Place the following phases in the correct chronological order from first (1) to last (5).

Question # 9

A malware analyst has been assigned the task of reverse engineering malicious code. To conduct the analysis safely, which of the following could the analyst implement?

A. Honeypot
B. VLAN
C. Lock box
D. Sandbox

Question # 10

When determining the threats/vulnerabilities to mitigate, it is important to identify which are applicable. Which of the following is the FIRST step to determine applicability?

A. Review online vulnerability database
B. Limit and control network ports, protocols, and services.
C. Continuously assess and remediate vulnerabilities.
D. Conduct an assessment of the system infrastructure.

Question # 11

An administrator wants to block Java exploits that were not detected by the organization’s antivirus product. Which of the following mitigation methods should an incident responder perform? (Choose two.)

A. Utilize DNS filtering
B. Send binary to AV vendor for analysis
C. Create a custom IPS signature
D. Implement an ACL
E. Block the port on the firewall

Question # 12

A security auditor has been asked to analyze event logs to look for signs of suspicious behavior. The company operates on a normal workday schedule (e.g., Monday through Friday, 8 am – 5 pm) and has implemented stringent access control policies (e.g., password complexity, failed login attempts). Which of the following provides the MOST reason for concern?

A. 15 failed login attempts taking place at 9 am.
B. Regularly occurring system calls taking place every day at midnight.
C. Two failed login attempts followed by a successful login in short succession.
D. A single instance of failed read attempts on a protected directory structure.

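
The reasoning behind this question (a burst of failures from one source is a credential attack in progress, a couple of failures before a success is a mistyped password, and activity outside the business schedule deserves a look on its own) is easy to turn into detection logic. The script below is an added example written for this page, not code from the exam or from any product: it parses OpenSSH-style `sshd` lines from a constructed auth log (the year is assumed, since syslog lines carry none, and the thresholds and business hours are assumed policy values), flags any user/source pair whose failures within a five-minute window reach the threshold, and separately flags successful logins outside Monday–Friday, 8 am to 5 pm.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2024  # assumption: syslog timestamps carry no year; 11 Mar 2024 is a Monday

# Constructed sample auth log (not real traffic):
#   - 15 failures for jsmith from one source within 45 seconds at 9 am Monday
#   - two failures followed by a success for adavis (the "typo" pattern)
#   - a successful root login at 02:13 on Saturday
SAMPLE_AUTH_LOG = [
    f"Mar 11 09:00:{s:02d} app1 sshd[4101]: Failed password for jsmith from 10.0.5.23 port 50212 ssh2"
    for s in range(0, 45, 3)
] + [
    "Mar 11 09:15:10 app1 sshd[4188]: Failed password for adavis from 10.0.5.31 port 50340 ssh2",
    "Mar 11 09:15:14 app1 sshd[4188]: Failed password for adavis from 10.0.5.31 port 50340 ssh2",
    "Mar 11 09:15:19 app1 sshd[4188]: Accepted password for adavis from 10.0.5.31 port 50340 ssh2",
    "Mar 16 02:13:41 app1 sshd[5020]: Accepted publickey for root from 198.51.100.7 port 41022 ssh2",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_events(lines):
    """Extract (timestamp, user, source ip, success?) from sshd auth lines."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "user": m["user"],
            "ip": m["ip"],
            "ok": m["result"] == "Accepted",
        })
    return events


def failed_bursts(events, threshold=10, window=timedelta(minutes=5)):
    """(user, ip, peak count) for each source whose failures inside `window` reach `threshold`.

    A sliding window over the sorted failure times finds the densest burst, so a
    slow trickle of failures spread over hours is not flagged here.
    """
    by_source = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_source[(e["user"], e["ip"])].append(e["ts"])
    findings = []
    for (user, ip), stamps in by_source.items():
        stamps.sort()
        lo, peak = 0, 0
        for hi, ts in enumerate(stamps):
            while ts - stamps[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            findings.append((user, ip, peak))
    return findings


def off_hours_logins(events, start_hour=8, end_hour=17):
    """Successful logins outside Monday-Friday, start_hour..end_hour (assumed schedule)."""
    out = []
    for e in events:
        ts = e["ts"]
        if e["ok"] and (ts.weekday() >= 5 or not start_hour <= ts.hour < end_hour):
            out.append((e["user"], e["ip"], ts.strftime("%a %H:%M")))
    return out


def triage(lines):
    events = parse_events(lines)
    return {"bursts": failed_bursts(events), "off_hours": off_hours_logins(events)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_AUTH_LOG).items():
        print(kind, items)
```

On the sample data the burst detector reports only jsmith's source (15 failures in under a minute); adavis's two failures followed by a success stay below the threshold, which is the behaviour you want if lockout policy already bounds guessing and you do not want every mistyped password paged out. The off-hours check is deliberately separate: a successful weekend root login from an unfamiliar address is not a brute-force signal at all, but it is exactly what a stringent access-control policy exists to make rare.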
Question # 13

An attacker has exfiltrated the SAM file from a Windows workstation. Which of the following attacks is MOST likely being perpetrated?

A. User enumeration
B. Brute forcing
C. Password sniffing
D. Hijacking/rooting

Question # 14

An attacker has decided to attempt a brute force attack on a UNIX server. In order to accomplish this, which of the following steps must be performed?

A. Exfiltrate the shadow and SAM, run unshadow, and then run a password cracking utility on the output file.
B. Exfiltrate the shadow and passwd, and then run a password cracking utility on both files.
C. Exfiltrate the shadow and SAM, and then run a password cracking utility on both files.
D. Exfiltrate the shadow and passwd, run unshadow, and then run a password cracking utility on the output file.

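
The step the question turns on is `unshadow`: on a UNIX system the account records live in `/etc/passwd` (world-readable, password field is just `x`) while the hashes live in `/etc/shadow` (root-only), and crackers such as John the Ripper expect the two joined back into one record per user. (The SAM is the Windows credential store from Question 13 and does not exist on a UNIX host.) The script below is an added example for this page, not John's own code: it reimplements the merge on constructed `passwd` and `shadow` entries (the hash bodies are placeholders, not real crypt output) and then reports which merged entries are actually worth feeding to a cracker, since locked, disabled and unmerged accounts carry no hash to attack. Handling of users absent from `shadow` (passed through unchanged) is an assumption made here.

```python
# Constructed sample /etc/passwd and /etc/shadow entries (not from any real host);
# the hash bodies after the final '$' are placeholders, not real crypt(3) output.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
svc-backup:x:1002:1002::/var/backups:/usr/sbin/nologin
"""

SAMPLE_SHADOW = """\
root:$6$Xk3f9Qw1$PLACEHOLDERrootHASH:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$y$j9T$Qw8Zr1Lp$PLACEHOLDERaliceHASH:19720:0:99999:7:::
bob:!$6$mN0pQ7rS$PLACEHOLDERbobHASH:19721:0:99999:7:::
"""

# crypt(3) scheme identifiers as used by glibc/libxcrypt ($id$salt$hash).
HASH_TYPES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
              "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}


def unshadow(passwd_text, shadow_text):
    """Merge shadow hashes into passwd lines, the way John's `unshadow` does.

    Output keeps passwd's 7-field layout with field 2 replaced by the shadow
    hash. Users with no shadow entry are passed through unchanged (assumption).
    """
    hashes = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            name, hash_field = line.split(":", 2)[:2]
            hashes[name] = hash_field
    merged = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry: skip rather than guess at the layout
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def crackable(merged_lines):
    """(user, scheme) for merged entries that actually carry a hash to attack.

    '*', '!', '!!' and an empty field mean no password or a disabled account;
    a leading '!' in front of a valid hash is a locked account; 'x' means the
    shadow entry was never merged in.
    """
    out = []
    for line in merged_lines:
        user, pw = line.split(":", 2)[:2]
        if pw in ("", "*", "!", "!!", "x") or pw.startswith("!"):
            continue
        if pw.startswith("$"):
            ident = pw.split("$")[1]
            out.append((user, HASH_TYPES.get(ident, f"unknown(${ident}$)")))
        else:
            out.append((user, "descrypt"))  # traditional 13-char DES crypt has no $id$
    return out


if __name__ == "__main__":
    merged = unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("\n".join(merged))
    print("worth cracking:", crackable(merged))
```

The merged file is what `john --wordlist=... merged.txt` consumes directly; hashcat instead wants the bare hash field and the scheme as a mode (for instance `-m 1800` for sha512crypt and `-m 500` for md5crypt). Note what the scheme report tells the responder: `$y$` (yescrypt, the default on current Debian-family and Fedora releases) and `$6$` with high round counts make offline guessing expensive, which is the defensive reason those schemes replaced DES and MD5 crypt. Note also that reading `/etc/shadow` requires root, so "exfiltrate the shadow" already presupposes a privileged foothold on the box.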
Question # 15

A network administrator has been asked to configure a new network. It is the company’s policy to segregate network functions using different Virtual LANs (VLANs). On which of the following is this configuration MOST likely to occur?

A. Network switch
B. Virtual Machine
C. Virtual Private Network
D. Network firewall
