
CFR-410 CyberSec First Responder (CFR) Exam Questions and Answers

Question 4

Which of the following actions should be done by the incident response team after completing the recovery phase of the cyber incident caused by malware?

Options:

A.

Eradicate the malware.

B.

Conduct lessons learned.

C.

Isolate the malware from the system.

D.

Collect evidence for the lawsuit.

E.

Analyze the behavior of the malware.

Question 5

Which concept involves having more than one person required to complete a task?

Options:

A.

Separation of duties

B.

Mandatory access control

C.

Discretionary access control

D.

Least privilege

Question 6

How does encryption work to protect information on remote workers' computers?

Options:

A.

It is difficult to set up, so an unskilled attacker won't be able to figure it out.

B.

Without the proper key, an attacker won't be able to unscramble the encrypted information.

C.

Using encryption requires advanced training in mathematics, which is beyond the capabilities of most attackers.

D.

Information can be encrypted but it can never be decrypted, leaving an attacker unable to read the information.

Question 7

A government organization responsible for critical infrastructure is being attacked and files on the server have been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)

Options:

A.

Notifying law enforcement

B.

Notifying the media

C.

Notifying a national computer emergency response team (CERT) or cybersecurity incident response team (CSIRT)

D.

Notifying the relevant vendor

E.

Notifying a mitigation expert

Question 8

An organization was recently hit with a ransomware attack that encrypted critical documents and files that were stored on the corporate file server.

Which of the following provides the organization with the BEST chance for recovering their data?

Options:

A.

Application whitelisting

B.

Antivirus software

C.

Paying the ransom

D.

Offsite backups

Question 9

Which encryption technology was built into Mac OS X?

Options:

A.

VeraCrypt

B.

FileVault

C.

LUKS

D.

BitLocker

Question 10

According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?

Options:

A.

3 months

B.

6 months

C.

1 year

D.

5 years

Question 11

Which of the following security best practices should a web developer reference when developing a new web-based application?

Options:

A.

Control Objectives for Information and Related Technology (COBIT)

B.

Risk Management Framework (RMF)

C.

World Wide Web Consortium (W3C)

D.

Open Web Application Security Project (OWASP)

Question 12

Which term best describes an asset's susceptibility to damage or loss due to a threat?

Options:

A.

Exposure

B.

Attack

C.

Breach

D.

Threat

Question 13

A system administrator has been tasked with developing highly detailed instructions for patching managed assets using the corporate patch management solution. These instructions are an example of which of the following?

Options:

A.

Process

B.

Procedure

C.

Standard

D.

Policy

Question 14

Which of the following digital forensic goals is being provided with hashing and time-stamping of the electronic evidence?

Options:

A.

Confidentiality

B.

Encryption

C.

Integrity

D.

Availability

E.

Chain of custody

Question 15

What is baseline security?

Options:

A.

A measurement used when a system changes from its original baseline.

B.

An organization's insecure starting point before fixing any security issues.

C.

An organization's secure starting point after fixing any security issues.

D.

A document stipulating constraints and practices that a user must agree to for access to an organization's network.

Question 16

After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?

Options:

A.

Stealth scanning

B.

Xmas scanning

C.

FIN scanning

D.

Port scanning

Question 17

Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)

Options:

A.

Increases browsing speed

B.

Filters unwanted content

C.

Limits direct connection to Internet

D.

Caches frequently-visited websites

E.

Decreases wide area network (WAN) traffic

Question 18

Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?

Options:

A.

Cybercriminals

B.

Hacktivists

C.

State-sponsored hackers

D.

Cyberterrorist

Question 19

The "right to be forgotten" is considered a core tenet of which of the following privacy-focused acts or regulations?

Options:

A.

GDPR

B.

CCPA

C.

PPA

D.

HIPAA

E.

COPPA

Question 20

Organizations considered “covered entities” are required to adhere to which compliance requirement?

Options:

A.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

B.

Payment Card Industry Data Security Standard (PCI DSS)

C.

Sarbanes-Oxley Act (SOX)

D.

International Organization for Standardization (ISO) 27001

Question 21

What are the two most appropriate binary analysis techniques to use in digital forensics analysis? (Choose two.)

Options:

A.

Injection Analysis

B.

Forensic Analysis

C.

Static Analysis

D.

Dynamic Analysis

Question 22

An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?

Options:

A.

Hex editor

B.

tcpdump

C.

Wireshark

D.

Snort

Question 23

Which three answer options are password attack methods and techniques? (Choose three.)

Options:

A.

Cross-Site Scripting attack

B.

Brute force attack

C.

Man-in-the-middle attack

D.

Hybrid attack

E.

Dictionary attack
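
The password-attack techniques among these options differ only in how candidate passwords are generated, which is easiest to see side by side in code. The following Python is an added example written for this page, not exam or vendor material: the salt, the salted SHA-256 target (built from the password "Summer2024!"), the five-word wordlist and the short alphabet are constructed demo data, and the mangling rules in `hybrid_candidates` are a hypothetical miniature rule set standing in for the rule files real crackers ship with.

```python
import hashlib
import itertools

# Constructed demo values: a fixed salt and a short wordlist. Not real credentials.
SALT = b"cfr-demo-salt"
WORDLIST = ["password", "letmein", "summer", "winter", "admin"]
SHORT_ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def hash_password(password: str, salt: bytes = SALT) -> str:
    """Salted SHA-256. Deliberately fast so the three attacks finish instantly;
    a real system would use a slow KDF (bcrypt, scrypt, Argon2) instead."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# The digest the attacker has obtained (constructed from "Summer2024!").
TARGET = hash_password("Summer2024!")


def dictionary_attack(target: str, words, salt: bytes = SALT):
    """Try each wordlist entry exactly as written."""
    for word in words:
        if hash_password(word, salt) == target:
            return word
    return None


def hybrid_candidates(word: str):
    """Hybrid attack = dictionary word plus mangling rules.
    Hypothetical rule set: case variants, a year suffix, an optional symbol."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for year in range(2020, 2026):
            yield f"{base}{year}"
            for sym in "!@#$":
                yield f"{base}{year}{sym}"


def hybrid_attack(target: str, words, salt: bytes = SALT):
    for word in words:
        for cand in hybrid_candidates(word):
            if hash_password(cand, salt) == target:
                return cand
    return None


def brute_force_attack(target: str, alphabet: str, max_len: int, salt: bytes = SALT):
    """Exhaustively try every string over `alphabet` up to `max_len` characters.
    Cost grows as len(alphabet) ** length, which is why it only works for short secrets."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            cand = "".join(combo)
            if hash_password(cand, salt) == target:
                return cand
    return None
```

Against the constructed target the plain dictionary pass fails, the hybrid pass recovers it from the wordlist entry "summer", and brute force only finishes for the three-character alphabet shown. The defensive counterpart is a deliberately slow password hash plus MFA, which raises the cost of all three techniques; the fast SHA-256 here is chosen only so the demonstration runs in well under a second.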

Question 24

Which two answer options correctly highlight the difference between static and dynamic binary analysis techniques? (Choose two.)

Options:

A.

Dynamic analysis tells everything the program can do, and static analysis tells exactly what the program does when it is executed in a given environment and with a particular input.

B.

Static analysis tells everything the program can do, and dynamic analysis tells exactly what the program does when it is executed in a given environment and with a particular input.

C.

Dynamic analysis examines the binary without executing it, while static analysis executes the program and observes its behavior.

D.

Static analysis examines the binary without executing it, while dynamic analysis executes the program and observes its behavior.

Question 25

Which of the following regulations is most applicable to a public utility provider operating in the United States?

Options:

A.

GDPR

B.

NERC

C.

FISMA

D.

HIPAA

Question 26

When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?

Options:

A.

Browser logs

B.

HTTP logs

C.

System logs

D.

Proxy logs

Question 27

An administrator investigating intermittent network communication problems has identified an excessive amount of traffic from an external-facing host to an unknown location on the Internet. Which of the following BEST describes what is occurring?

Options:

A.

The network is experiencing a denial of service (DoS) attack.

B.

A malicious user is exporting sensitive data.

C.

Rogue hardware has been installed.

D.

An administrator has misconfigured a web proxy.

Question 28

A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?

Options:

A.

Logs should be synchronized to their local time zone.

B.

Logs should be synchronized to a common, predefined time source.

C.

Logs should contain the username of the user performing the action.

D.

Logs should include the physical location of the action performed.
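
Questions 26 and 28 meet in practice: a proxy log is the data source for finding who is generating the web traffic, but when each regional proxy stamps events in its own local time the events cannot be ordered against one another until they are brought to a common reference. The Python below is an added example written for this page, not exam or vendor code. The five log lines, the client addresses and the byte counts are constructed, and the line layout `<ISO-8601 timestamp with offset> <client_ip> <bytes> <url>` is an assumed format rather than any particular proxy's native one.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: the same minute as seen by proxies in Berlin (+02:00),
# New York (-04:00) and Singapore (+08:00). Not real log data.
SAMPLE_LOG = """\
2025-04-02T09:15:02+02:00 10.20.5.17 512000 http://cdn.example.test/video1.mp4
2025-04-02T03:15:10-04:00 10.10.8.44 2048 http://intranet.example.test/
2025-04-02T09:15:30+02:00 10.20.5.17 734003 http://cdn.example.test/video2.mp4
2025-04-02T15:16:01+08:00 10.30.1.9 1024 http://mail.example.test/
2025-04-02T09:17:00+02:00 10.20.5.17 900000 http://cdn.example.test/video3.mp4
"""


def parse_line(line: str):
    """Assumed layout: timestamp-with-offset, client IP, bytes transferred, URL."""
    ts, ip, nbytes, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), ip, int(nbytes), url


def load_events(log: str = SAMPLE_LOG):
    return [parse_line(line) for line in log.splitlines() if line.strip()]


def order_by_wall_clock(events):
    """The mistake: drop the offset and sort on local wall-clock time.
    03:15 in New York then sorts before 09:15 in Berlin although it happened later."""
    return sorted(events, key=lambda e: e[0].replace(tzinfo=None))


def order_by_utc(events):
    """The fix: normalise every timestamp to one reference (UTC) before sorting."""
    return sorted(events, key=lambda e: e[0].astimezone(timezone.utc))


def bytes_per_client(events):
    """Aggregate transferred bytes per client IP (question 26)."""
    totals = defaultdict(int)
    for _, ip, nbytes, _ in events:
        totals[ip] += nbytes
    return dict(totals)


def top_talker(events):
    """Return (client_ip, total_bytes) for the heaviest web user."""
    return max(bytes_per_client(events).items(), key=lambda kv: kv[1])
```

Sorting on UTC yields the true sequence (the New York request falls between the first two Berlin requests), and the per-client totals identify 10.20.5.17 as the source of the excessive traffic. Normalising timestamps in software is the fallback; what question 28 asks for is the root fix, synchronising every log source to one time source so the offsets are consistent to begin with.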

Question 29

Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)

Options:

A.

Default port state

B.

Default credentials

C.

Default protocols

D.

Default encryption

E.

Default IP address

Question 30

Which of the following does the command nmap --open 10.10.10.3 do?

Options:

A.

Execute a scan on a single host, returning only open ports.

B.

Execute a scan on a subnet, returning detailed information on open ports.

C.

Execute a scan on a subnet, returning all hosts with open ports.

D.

Execute a scan on a single host, returning open services.

Question 31

Vulnerability scanners generally classify vulnerabilities by which of the following? (Choose two.)

Options:

A.

Exploit range

B.

Costs

C.

Severity level

D.

Zero days

E.

Threat modeling

Question 32

An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?

Options:

A.

Geolocation

B.

False positive

C.

Geovelocity

D.

Advanced persistent threat (APT) activity
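
The anomaly in this question is something a detection rule can compute directly: take two consecutive logins with geolocations and timestamps, derive the speed the account holder would have needed to travel between them, and flag the pair when it exceeds what a commercial flight can manage. The Python below is an added example written for this page, not exam or vendor code. The city coordinates are approximate city centres, the login records are constructed, and the 1000 km/h threshold is an assumed tuning value.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # assumed threshold: above any scheduled airline speed

# Approximate city-centre coordinates (assumed values for the demonstration).
NEW_YORK = (40.7128, -74.0060)
BEIJING = (39.9042, 116.4074)
BOSTON = (42.3601, -71.0589)


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def required_speed_kmh(prev_login, curr_login):
    """Speed needed to get from the previous login's location to the current one
    in the time between them. Two logins at the same instant from different
    places need infinite speed; same place and same instant needs none."""
    distance = haversine_km(prev_login["geo"], curr_login["geo"])
    hours = (curr_login["time"] - prev_login["time"]).total_seconds() / 3600.0
    if hours <= 0:
        return math.inf if distance > 0 else 0.0
    return distance / hours


def is_impossible_travel(prev_login, curr_login, max_kmh=MAX_PLAUSIBLE_KMH):
    """Geovelocity check: flag when the implied speed exceeds the threshold."""
    return required_speed_kmh(prev_login, curr_login) > max_kmh


# Constructed login records for the scenario in the question.
NYC_LOGIN = {"user": "ceo", "time": datetime(2025, 4, 2, 9, 0, tzinfo=timezone.utc), "geo": NEW_YORK}
BEIJING_LOGIN = {"user": "ceo", "time": datetime(2025, 4, 2, 10, 0, tzinfo=timezone.utc), "geo": BEIJING}
BOSTON_LOGIN = {"user": "ceo", "time": datetime(2025, 4, 2, 11, 0, tzinfo=timezone.utc), "geo": BOSTON}
```

New York to Beijing is roughly 11,000 km, so a one-hour gap implies about 11,000 km/h and the pair is flagged; New York to Boston two hours later implies around 150 km/h and passes. Geolocation alone (the Beijing login by itself) is not anomalous for a travelling executive; it is the velocity between the two events that is.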

Question 33

It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)

Options:

A.

Power resources

B.

Network resources

C.

Disk resources

D.

Computing resources

E.

Financial resources

Question 34

An organization that recently suffered a ransomware attack found that its backups were faulty. Which of the following steps could BEST ensure reliable backups in the future?

Options:

A.

Storing backups at an offsite location.

B.

Implementing periodic tests of backups.

C.

Backing up all data to solid-state storage.

D.

Conducting a full asset inventory assessment.

Question 35

A system administrator identifies unusual network traffic from outside the local network. Which of the following is the BEST method for mitigating the threat?

Options:

A.

Malware scanning

B.

Port blocking

C.

Packet capturing

D.

Content filtering

Question 36

Which two options represent the most basic methods for designing a DMZ network firewall? (Choose two.)

Options:

A.

Software firewall

B.

Single firewall

C.

Triple firewall

D.

Dual firewall

Question 37

According to SANS, when should an incident retrospective be performed?

Options:

A.

After law enforcement has identified the perpetrators of the attack.

B.

Within six months following the end of the incident.

C.

No later than two weeks from the end of the incident.

D.

Immediately after concluding eradication of the root cause.

Question 38

A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?

Options:

A.

tr -d

B.

uniq -c

C.

wc -m

D.

grep -c

Question 39

A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?

Options:

A.

nbtstat

B.

WinDump

C.

fport

D.

netstat

Question 40

Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?

Options:

A.

Securing and evaluating the electronic crime scene.

B.

Transporting the evidence to the forensics lab

C.

Packaging the electronic device

D.

Conducting preliminary interviews

Question 41

Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B. Which of the following threat motives does this MOST likely represent?

Options:

A.

Desire for power

B.

Association/affiliation

C.

Reputation/recognition

D.

Desire for financial gain

Question 42

Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?

Options:

A.

There may be duplicate computer names on the network.

B.

The computer name may not be admissible evidence in court.

C.

Domain Name System (DNS) records may have changed since the log was created.

D.

There may be field name duplication when combining log files.

Question 43

Which of the following types of digital evidence is considered the MOST volatile?

Options:

A.

Data on a hard disk

B.

Temporary file space

C.

Swap file

D.

Random access memory

Question 44

Which two answer options are the BEST reasons to conduct post-incident reviews after an incident occurs in an organization? (Choose two.)

Options:

A.

To help leverage automated scanning tools and ad hoc tests

B.

To help identify lessons learned and follow-up action.

C.

To help identify event detection information.

D.

To help prevent an incident recurrence.

Question 45

A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?

Options:

A.

# tcpdump -i eth0 host 88.143.12.123

B.

# tcpdump -i eth0 dst 88.143.12.123

C.

# tcpdump -i eth0 host 192.168.10.121

D.

# tcpdump -i eth0 src 88.143.12.123
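
The four options differ only in their BPF filter expression, and the way to see what each one actually captures is to run the filters over a small set of packets. The Python below is an added example written for this page, not exam or vendor code: it implements a deliberately minimal subset of BPF (`host`, `src`, `dst`, joined left to right by `and`/`or`, with no parentheses, `net` or `port`) and applies it to five constructed packets on the suspicious host's segment. With real tcpdump the conjunction is written the same way, `tcpdump -i eth0 host 192.168.10.121 and host 88.143.12.123`.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto")

# Constructed packets on the suspicious host's segment (not real capture data).
PACKETS = [
    Packet("192.168.10.121", "88.143.12.123", "tcp"),  # suspicious host -> external IP
    Packet("88.143.12.123", "192.168.10.121", "tcp"),  # external IP -> suspicious host
    Packet("192.168.10.121", "10.0.0.53", "udp"),      # suspicious host -> internal DNS
    Packet("192.168.10.50", "88.143.12.123", "tcp"),   # another host -> same external IP
    Packet("192.168.10.50", "192.168.10.121", "tcp"),  # another host -> suspicious host
]


def _primitive(tokens, i):
    """Parse one `host|src|dst <addr>` primitive starting at tokens[i].
    Returns (predicate, index of the next unread token)."""
    if i + 1 >= len(tokens):
        raise ValueError("dangling qualifier in filter")
    qual, addr = tokens[i], tokens[i + 1]
    if qual == "host":
        pred = lambda p, a=addr: a in (p.src, p.dst)   # either direction
    elif qual == "src":
        pred = lambda p, a=addr: p.src == a            # only packets sent by addr
    elif qual == "dst":
        pred = lambda p, a=addr: p.dst == a            # only packets sent to addr
    else:
        raise ValueError(f"unsupported qualifier: {qual}")
    return pred, i + 2


def compile_filter(expr: str):
    """Minimal BPF subset: primitives joined left to right by 'and' / 'or'."""
    tokens = expr.split()
    pred, i = _primitive(tokens, 0)
    while i < len(tokens):
        op = tokens[i]
        rhs, i = _primitive(tokens, i + 1)
        if op == "and":
            pred = (lambda left, right: lambda p: left(p) and right(p))(pred, rhs)
        elif op == "or":
            pred = (lambda left, right: lambda p: left(p) or right(p))(pred, rhs)
        else:
            raise ValueError(f"unsupported operator: {op}")
    return pred


def apply_filter(expr: str, packets=PACKETS):
    """Return the packets tcpdump would show for this filter."""
    pred = compile_filter(expr)
    return [p for p in packets if pred(p)]


def captures_only_pair(expr: str, a: str, b: str, packets=PACKETS):
    """True when every packet matched by expr has exactly {a, b} as its endpoints."""
    return all({p.src, p.dst} == {a, b} for p in apply_filter(expr, packets))
```

Over these packets `host 88.143.12.123` also picks up the second internal host's session with the external address, `host 192.168.10.121` also picks up the DNS lookup and the internal peer, and `src` or `dst` alone captures one direction only. Only the conjunction of the two `host` primitives reduces the capture to the two-host conversation the question asks for.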

Question 46

What is the primary role of an intrusion detection system (IDS) on a network?

Options:

A.

Blocking malicious packets

B.

Detection of possible threats

C.

Detection of network vulnerabilities

D.

Detection of system failures

Question 47

Which three disk image formats are used for evidence collection and preservation? (Choose three.)

Options:

A.

RAW (dd)

B.

E01

C.

AFF

D.

APFS

E.

EXT4

Question 48

Which three tools are used for integrity verification of files? (Choose three.)

Options:

A.

sha256sum

B.

ent

C.

pgp32

D.

md5sum

E.

md5deep

Question 49

What is the primary purpose of the "information security incident triage and processing function" in the Computer Security Incident Response Team (CSIRT) Services Framework?

Options:

A.

To analyze and gain an understanding of a confirmed information security incident.

B.

To initially review, categorize, prioritize, and process a reported information security incident.

C.

To receive and process reports of potential information security incidents from constituents, Information Security Event Management services, or third parties.

D.

To accept or receive information about an information security incident, as reported from constituents or third parties.

Question 50

Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?

Options:

A.

Transaction logs

B.

Intellectual property

C.

PII/PHI

D.

Network architecture

Question 51

After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?

Options:

A.

md5sum

B.

sha256sum

C.

md5deep

D.

hashdeep
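
Questions 14, 48 and 51 rest on one idea: a digest over the whole image proves its integrity, while piecewise digests (the mode md5deep exposes as `-p <size>`) additionally tell the analyst which part of an image no longer matches. The Python below is an added example written for this page, not exam or vendor code and not the md5deep or hashdeep implementation; the 4096-byte piece size and the 10240-byte synthetic image are constructed for the demonstration.

```python
import hashlib

PIECE_SIZE = 4096  # assumed piece size for the demo; real tools take it as an argument

# Constructed 10240-byte stand-in for a disk image: consecutive 16-bit counters,
# so no two pieces are identical. Not a real image.
IMAGE = b"".join(i.to_bytes(2, "big") for i in range(5120))


def whole_hash(data: bytes, algo: str = "sha256") -> str:
    """One digest over the entire image, as sha256sum would print."""
    return hashlib.new(algo, data).hexdigest()


def piecewise_hashes(data: bytes, piece_size: int = PIECE_SIZE, algo: str = "sha256"):
    """List of (start, end, digest) for each fixed-size piece; the last piece
    may be shorter. This is the idea behind piecewise hashing."""
    pieces = []
    for start in range(0, len(data), piece_size):
        piece = data[start:start + piece_size]
        pieces.append((start, start + len(piece), hashlib.new(algo, piece).hexdigest()))
    return pieces


def verify_image(data: bytes, expected_whole: str, expected_pieces,
                 piece_size: int = PIECE_SIZE, algo: str = "sha256"):
    """Return (whole_ok, damaged_ranges). whole_ok is the plain integrity verdict;
    damaged_ranges lists (start, end) of every piece whose digest differs, so a
    single flipped byte is localised to one piece instead of just 'mismatch'."""
    whole_ok = whole_hash(data, algo) == expected_whole
    actual = piecewise_hashes(data, piece_size, algo)
    damaged = [(s, e) for (s, e, d), (_, _, exp) in zip(actual, expected_pieces) if d != exp]
    # A truncated or extended image changes the piece count; report the tail range.
    if len(actual) != len(expected_pieces):
        tail_start = min(len(actual), len(expected_pieces)) * piece_size
        expected_end = expected_pieces[-1][1] if expected_pieces else 0
        damaged.append((tail_start, max(len(data), expected_end)))
    return whole_ok, damaged


def corrupt_copy(data: bytes, offset: int) -> bytes:
    """Flip one byte, simulating a bad sector or tampering at `offset`."""
    buf = bytearray(data)
    buf[offset] ^= 0xFF
    return bytes(buf)
```

Flipping a single byte at offset 5000 fails the whole-image check and is reported against the one piece covering bytes 4096 to 8191; truncating the image to 6000 bytes is reported as a shortened second piece plus a missing tail. Both the reference digests and the time at which they were taken belong in the evidence record, since a digest only proves integrity relative to the moment it was computed.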

Question 52

Which service is commonly found on port 3306?

Options:

A.

BitTorrent

B.

MySQL

C.

MS-RPC

D.

Oracle SQL*Net Listener

Question 53

A common formula used to calculate risk is: ____ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?

Options:

A.

Exploits

B.

Security

C.

Asset

D.

Probability

Question 54

Which of the following plans helps IT security staff detect, respond to, and recover from a cyber attack?

Options:

A.

Data Recovery Plan

B.

Incident Response Plan

C.

Disaster Recovery Plan

D.

Business Impact Plan

Exam Code: CFR-410
Exam Name: CyberSec First Responder (CFR) Exam
Last Update: Apr 2, 2025
Questions: 180