CFR-210 Exam Details

  • Exam Code
    :CFR-210
  • Exam Name
    :CyberSec First Responder
  • Certification
    :Logical Operations Certifications
  • Vendor
    :Logical Operations
  • Total Questions
    :100 Q&As
  • Last Updated
    :

Logical Operations CFR-210 Online Questions & Answers

  • Question 41:

    Organizations should exercise their Incident Response (IR) plan following initial creation. The primary objective for this first IR plan exercise is to identify:

    A. deficiencies in cyber security incident response team skills.
    B. gaps or overlaps in supporting processes and procedures.
    C. critical steps required in the case of an incident.
    D. capabilities required to improve response time.

  • Question 42:

    Customers are reporting issues connecting to a company's Internet server.

    Which of the following device logs should a technician review in order to help identify the issue?

    A. WIPS
    B. SSH
    C. WAP
    D. WAF

  • Question 43:

    From a compromised system, an attacker bypasses a proxy server and sends a large amount of data to a remote location. A security analyst is tasked with finding the conduit that was used by the attacker to bypass the proxy. Which of the following Windows tools should be used to find the conduit?

    A. net
    B. fport
    C. nbstat
    D. netstat

  • Question 44:

    A suspicious laptop is found in a datacenter. The laptop is on and processing data, although there is no application open on the screen.

    Which of the following BEST describes a Windows tool and technique that an investigator should use to analyze the laptop's RAM for working applications?

    A. Net start and Network analysis
    B. Regedit and Registry analysis
    C. Task manager and Application analysis
    D. Volatility and Memory analysis

  • Question 45:

    A security analyst for a financial services firm is monitoring blogs and reads about a zero- day vulnerability being exploited by a little-known group of hackers. The analyst wishes to independently validate and corroborate the blog's posting. Which of the following sources of information will provide the MOST credible supporting threat intelligence in this situation?

    A. Similar cybersecurity blogs
    B. Threat intelligence sharing groups
    C. Computer emergency response team press release
    D. Internet searches on zero-day exploits

  • Question 46:

    The incident response team needs to track which user last connected to a specific Windows domain controller. Which of the following is the BEST way to identify that specific user?

    A. Check Systems Event Log on the user's computer
    B. Check Systems Event Log on the domain controller
    C. Check Security Log on the user's computer
    D. Check SecurityLog on the domain controller

  • Question 47:

    While a network administrator is monitoring the company network, an unknown local IP address is starting to release high volumes of anonymous traffic to an unknown external IP address. Which of the following would indicate to the network administrator potential compromise?

    A. Packet losses
    B. Excessive bandwidth usage
    C. Service disruption
    D. Off-hours usage

  • Question 48:

    A security auditor has been asked to analyze event logs to look for signs of suspicious behavior. The company operates on a normal workday schedule (e.g., Monday through Friday, 8 am – 5 pm) and has implemented stringent access

    control policies (e.g., password complexity, failed login attempts).

    Which of the following provides the MOST reason for concern?

    A. 15 failed login attempts taking place at 9 am.
    B. Regularly occurring system calls taking place every day at midnight.
    C. Two failed login attempts followed by a successful login in short succession.
    D. A single instance of failed read attempts on a protected directory structure.

  • Question 49:

    When investigating a wireless attack, which of the following can be obtained from the DHCP server?

    A. MAC address of the attacker
    B. Operating system of the attacker
    C. IP traffic between the attacker and victim
    D. Effectiveness of the VLAN terminator

  • Question 50:

    During an investigation on Windows 10 system, a system administrator needs to analyze Windows event logs related to CD/DVD-burning activities. In which of the following paths will the system administrator find these logs?

    A. \Windows\Systems32\winevt\logs\System.evt
    B. \Windows\System32\winevt\Logs\System.evtx
    C. \Windows\Systems\winevt\Evtlogs\System.evtx
    D. \Windows\System\winevt\Logs\System.evt

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Logical Operations exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CFR-210 exam preparations and Logical Operations certification application, do not hesitate to visit our Vcedump.com to find your solutions here.