Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CertNexus CFR-410 - CyberSec First Responder (CFR) Exam

CertNexus CFR-410 Premium Access     Download Demo    
Page: 5 / 6
Total 180 questions

Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?

A.

Dictionary attack

B.

Password guessing

C.

Brute force attack

D.

Rainbow tables

An incident handler is assigned to initiate an incident response for a complex network that has been affected

by malware. Which of the following actions should be taken FIRST?

A.

Make an incident response plan.

B.

Prepare incident response tools.

C.

Isolate devices from the network.

D.

Capture network traffic for analysis.

Which three tools are used for integrity verification of files? (Choose three.)

A.

sha256sum

B.

ent

C.

pgp32

D.

md5sum

E.

md5deep

Traditional SIEM systems provide:

A.

Unknown Attacks Analysis User Behavior Analysis and Network Anomalies

B.

Aggregation, Normalization, Correlation, and Alerting.

C.

Static Malware Analysis, Dynamic Malware Analysis, and Hybrid Malware Analysis.

D.

Privileged Identity Management. Privileged Access Management, and Identity and Access Management.

Which of the following, when exposed together, constitutes PII? (Choose two.)

A.

Full name

B.

Birth date

C.

Account balance

D.

Marital status

E.

Employment status

A government organization responsible for critical infrastructure is being attacked and files on the server been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)

A.

Notifying law enforcement

B.

Notifying the media

C.

Notifying a national compute emergency response team (CERT) or cybersecurity incident response team (CSIRT)

D.

Notifying the relevant vendor

E.

Notifying a mitigation expert

A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)

A.

NetFlow logs

B.

Web server logs

C.

Domain controller logs

D.

Proxy logs

E.

FTP logs

Where are log entries written for auditd in Linux?

A.

/etc/audit/audit.rules

B.

/var/log/audit/messages

C.

/var/log/audit/audit.log

D.

/var/log/audit.log

E.

/etc/audit/audit.conf

Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

A.

Evidence bags

B.

Lock box

C.

Caution tape

D.

Security envelope

E.

Secure rooms

F.

Faraday boxes

Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)

A.

Installing patches

B.

Updating configurations

C.

Documenting exceptions

D.

Conducting audits

E.

Generating reports