CertNexus CFR-410 - CyberSec First Responder (CFR) Exam

Total 180 questions

What term means that data is valid and not corrupt?

A. Confidentiality
B. Authorization
C. Integrity
D. Authentication

Which of the following tools can be used as an intrusion detection system (IDS)? (Choose three.)

A. Bro
B. Wireshark/tshark
C. Metasploit
D. Suricata
E. Snort

A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?

A. Logs should be synchronized to their local time zone.
B. Logs should be synchronized to a common, predefined time source.
C. Logs should contain the username of the user performing the action.
D. Logs should include the physical location of the action performed.

A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?

A. grep 20151124 security_log | grep -c "login failure"
B. grep 20150124 security_log | grep "login_failure"
C. grep 20151124 security_log | grep "login"
D. grep 20151124 security_log | grep -c "login"

Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?

A. Generating reports
B. Establishing scope
C. Conducting an audit
D. Assessing exposures

What is baseline security?

A. A measurement used when a system changes from its original baseline.
B. An organization's insecure starting point before fixing any security issues.
C. An organization's secure starting point after fixing any security issues.
D. A document stipulating constraints and practices that a user must agree to for access to an organization's network.

Which of the following attack vectors capitalizes on a previously undisclosed issue with a software application?

A. Zero-Day Exploit
B. Brute Force
C. Misconfiguration
D. Ransomware
E. Phishing

A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:

- Running antivirus scans on the affected user machines
- Checking department membership of affected users
- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
- Checking network monitoring tools for anomalous activities

Which of the following phases of the incident response process match the actions taken?

A. Identification
B. Preparation
C. Recovery
D. Containment

Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?

A. Cybercriminals
B. Hacktivists
C. State-sponsored hackers
D. Cyberterrorist

Which of the following is an essential component of a disaster recovery plan?

A. Memorandums of agreement with vendors
B. Product service agreements
C. A dedicated incident response team
D. Complete hardware and software inventories