CertNexus CFR-410 - CyberSec First Responder (CFR) Exam

Total 180 questions

During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?

A. Conducting post-assessment tasks

B. Determining scope

C. Identifying critical assets

D. Performing a vulnerability scan

An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?

A. Clear the ARP cache on their system.

B. Enable port mirroring on the switch.

C. Filter Wireshark to only show ARP traffic.

D. Configure the network adapter to promiscuous mode.

A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?

A. nbtstat

B. WinDump

C. fport

D. netstat

Which of the following digital forensic goals is being provided with hashing and time-stamping of the electronic evidence?

A. Confidentiality

B. Encryption

C. Integrity

D. Availability

E. Chain of custody

What are three examples of incident response? (Choose three.)

A. Dealing with systems that are suspected to be used to commit a crime

B. Collecting data from computer media

C. Dealing with systems suspected to be the victim of a crime

D. Analyzing a system

E. Threat Modeling

A user receives an email about an unfamiliar bank transaction, which includes a link. When clicked, the link redirects the user to a web page that looks exactly like their bank’s website and asks them to log in with their username and password. Which type of attack is this?

A. Whaling

B. Smishing

C. Vishing

D. Phishing

During an incident, the following actions have been taken:

- Executing the malware in a sandbox environment

- Reverse engineering the malware

- Conducting a behavior analysis

Based on the steps presented, which of the following incident handling processes has been taken?

A. Containment

B. Eradication

C. Recovery

D. Identification

Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B. Which of the following threat motives does this MOST likely represent?

A. Desire for power

B. Association/affiliation

C. Reputation/recognition

D. Desire for financial gain

Windows Server 2016 log files can be found in which of the following locations?

A. C:\Windows\System\winevt\Logs

B. C:\Windows\winevt\System32\Logs

C. C:\Windows\System32\winevt\Logs

D. C:\Windows\winevt\System\Logs

The NIST framework 800-137 breaks down the concept of continuous monitoring into which system of tiers?

A. Tier 1 is information systems, Tier 2 is mission/business processes, and Tier 3 is the organization.

B. Tier 1 is the organization, Tier 2 is mission/business processes, and Tier 3 is information systems.

C. Tier 1 is information systems, Tier 2 is the organization, and Tier 3 is mission/business processes.

D. Tier 1 is the organization, Tier 2 is information systems, and Tier 3 is mission/business processes.