CFR-210 Exam Details

  • Exam Code
    :CFR-210
  • Exam Name
    :CyberSec First Responder
  • Certification
    :Logical Operations Certifications
  • Vendor
    :Logical Operations
  • Total Questions
    :100 Q&As
  • Last Updated
    :

Logical Operations CFR-210 Online Questions & Answers

  • Question 71:

    Which of the following logs should be checked to determine if an internal user connected to a potentially malicious website? (Choose two.)

    A. FTP logs
    B. Email logs
    C. Firewall logs
    D. Proxy logs
    E. HTTP logs

  • Question 72:

    A SOC analyst reviews vendor security bulletins and security blog articles against the company's deployed system and software base. Based on current attack patterns, three vulnerabilities, including a zero-day vulnerability, have been

    upgraded to high priority.

    Which of the following should the SOC analyst recommend? (Choose two.)

    A. Reboot affected servers
    B. Implement DNS filtering
    C. Update IPS rules
    D. Implement application whitelisting
    E. Patch affected systems

  • Question 73:

    An alert has been triggered identifying a new application running on a Windows server. Which of the following tools can be used to identify the application? (Choose two.)

    A. traceroute
    B. nbstat
    C. Hex editor
    D. Task manager
    E. Process explorer

  • Question 74:

    An incident responder is investigating a Linux server reported to be "behaving strangely".

    Which of the following commands should the incident responder use to identify any users currently logged into the system? (Choose two.)

    A. Isof
    B. Is
    C. id
    D. w
    E. lastlog

  • Question 75:

    Network engineering has reported low bandwidth during working hours. The incident response team is currently investigating several anomalous activities that may be related. Which of the following is the MOST appropriate method to further investigate this problem?

    A. Collecting and analyzing computer logs
    B. Imaging hard disk drives of computers on the network
    C. Capturing network traffic and packet analysis
    D. Penetration testing and port scanning

  • Question 76:

    A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?

    A. Notify the user that their workstation is being confiscated to perform an investigation, providing no details as to the reasoning.
    B. Confiscate the workstation while the suspected employee is out of the office, andperform a search on the asset.
    C. Confiscate the workstation while the suspected employee is out of the office, and perform the search on bit-for-bit image of the hard drive.
    D. Notify the user that the workstation is being confiscated to perform an investigation, providing complete transparency as to the suspicions.

  • Question 77:

    During the identification phase, it is discovered that port 23 is being used maliciously.

    Which of the following system hardening techniques should be used to remediate the issue?

    A. Disable unnecessary services
    B. Patch the system
    C. Configure blackhole routing
    D. Configure DNS filtering

  • Question 78:

    Which of the following mitigations will remain intact, regardless of the underlying network protocol?

    A. DNS filtering
    B. Application whitelisting
    C. IP address blocking D Proxy ACL

  • Question 79:

    Click the exhibit button. Which of the following Windows tools is executed?

    A. nmap
    B. netstat
    C. tracert
    D. traceroute

  • Question 80:

    A DMZ web server has been compromised. During the log review, the incident responder wants to parse all common internal Class A addresses from the log. Which of the following commands should the responder use to accomplish this?

    A. grep -x”(10.[0-9]+.[0-9]+.[0-9]+)” etc/rc.d/apache2/access.log | output.txt
    B. grep -x”(192.168.[0.9]+[0-9])” bin/apache2/access.log | output.txt
    C. grep -v”(10.[0-9]+.[0-9]+.[0-9]+)” /var/log/apache2/access.log > output.txt
    D. grep -v”(192.168.[0.9]+[0-9]+)” /var/log/apache2/access.log > output.txt

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Logical Operations exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CFR-210 exam preparations and Logical Operations certification application, do not hesitate to visit our Vcedump.com to find your solutions here.