CFR-410 Sample Questions Answers

A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following

would be the BEST action to take to plan for this kind of attack in the future?

In which of the following attack phases would an attacker use Shodan?

Which of the following is a cybersecurity solution for insider threats to strengthen information protection?

Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)

A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe.

The unknown process is MOST likely:

A security administrator needs to review events from different systems located worldwide. Which of the

following is MOST important to ensure that logs can be effectively correlated?

Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?

Tcpdump is a tool that can be used to detect which of the following indicators of compromise?

Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?

An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?

When attempting to determine which system or user is generating excessive web traffic, analysis of which of

the following would provide the BEST results?

Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)

Which of the following attacks involves sending a large amount of spoofed User Datagram Protocol (UDP) traffic to a router’s broadcast address within a network?

According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?

A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)

Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are

MOST important for log integrity? (Choose two.)

The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)

When performing an investigation, a security analyst needs to extract information from text files in a Windows operating system. Which of the following commands should the security analyst use?

A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:

-Running antivirus scans on the affected user machines

-Checking department membership of affected users

-Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts

-Checking network monitoring tools for anomalous activities

Which of the following phases of the incident response process match the actions taken?

An incident response team is concerned with verifying the integrity of security information and event

management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?

During an incident, the following actions have been taken:

-Executing the malware in a sandbox environment

-Reverse engineering the malware

-Conducting a behavior analysis

Based on the steps presented, which of the following incident handling processes has been taken?

During a log review, an incident responder is attempting to process the proxy server’s log files but finds that

they are too large to be opened by any file viewer. Which of the following is the MOST appropriate technique to open and analyze these log files?

Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?

A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?

If a hacker is attempting to alter or delete system audit logs, in which of the following attack phases is the hacker involved?

During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?

A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST

likely used by the analyst for the initial discovery?