A security investigator has detected an unauthorized insider reviewing files containing company secrets.
Which of the following commands could the investigator use to determine which files have been opened by this user?
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
- Running antivirus scans on the affected user machines
- Checking department membership of affected users
- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
- Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?
Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?
Which of the following enables security personnel to have the BEST security incident recovery practices?
Detailed step-by-step instructions to follow during a security incident are considered: