Free CertNexus CFR-410 Study Guides Exam Questions & Answer [Q50-Q70]


NEW QUESTION # 50
During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?

  • A. Persistence
  • B. Gaining access
  • C. Reconnaissance
  • D. Scanning

Answer: D


NEW QUESTION # 51
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?

  • A. Performing a vulnerability scan
  • B. Conducting post-assessment tasks
  • C. Identifying critical assets
  • D. Determining scope

Answer: C


NEW QUESTION # 52
Which of the following would MOST likely make a Windows workstation on a corporate network vulnerable to remote exploitation?

  • A. Disabling Windows Firewall
  • B. Disabling Windows Updates
  • C. Enabling Remote Desktop
  • D. Enabling Remote Registry

Answer: C


NEW QUESTION # 53
A cybersecurity expert assigned to be the IT manager of a middle-sized company discovers that there is little endpoint security implementation on the company's systems. Which of the following could be included in an endpoint security solution? (Choose two.)

  • A. Data loss prevention (DLP)
  • B. Web proxy
  • C. Anti-malware
  • D. Network monitoring system
  • E. Network Address Translation (NAT)

Answer: B,D


NEW QUESTION # 54
A suspicious script was found on a sensitive research system. Subsequent analysis determined that proprietary data would have been deleted from both the local server and backup media immediately following a specific administrator's removal from an employee list that is refreshed each evening. Which of the following BEST describes this scenario?

  • A. Rootkit
  • B. Backdoor
  • C. Login bomb
  • D. Time bomb

Answer: B


NEW QUESTION # 55
A network administrator has determined that network performance has degraded due to excessive use of social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?

  • A. Network segmentation
  • B. Blacklisting
  • C. Whitelisting
  • D. Web content filtering

Answer: D


NEW QUESTION # 56
The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)

  • A. Updating policies and procedures
  • B. Drafting a recovery plan for the incident
  • C. Training staff for future incidents
  • D. Providing a briefing to management
  • E. Investigating responsible staff

Answer: A,B


NEW QUESTION # 57
A company website was hacked via the following SQL query:
SELECT email, passwd, login_id, full_name FROM members
WHERE email = "[email protected]"; DROP TABLE members; --"
Which of the following did the hackers perform?

  • A. Performed a cross-site scripting (XSS) attack
  • B. Deleted the email password and login details
  • C. Cleared tracks of [email protected] entries
  • D. Deleted the entire members table

Answer: B


NEW QUESTION # 58
An incident response team is concerned with verifying the integrity of security information and event management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?

  • A. Source validation
  • B. Time synchronization
  • C. Log hashing
  • D. Field name consistency

Answer: B


NEW QUESTION # 59
Various logs are collected for forensic analysis in a data leakage case. Which of the following are MOST important for log integrity? (Choose two.)

  • A. Log path
  • B. Time stamp
  • C. Modified date/time
  • D. Hash value
  • E. Log type

Answer: B,D


NEW QUESTION # 60
During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?

  • A. Defragmentation techniques
  • B. System optimization techniques
  • C. Anti-forensic techniques
  • D. System hardening techniques

Answer: C


NEW QUESTION # 61
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization's server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?

  • A. cat * | cut -d ',' -f 2,5,7
  • B. diff
  • C. more * | grep
  • D. sort *

Answer: B


NEW QUESTION # 62
A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?

  • A. uniq -c
  • B. tr -d
  • C. wc -m
  • D. grep -c

Answer: C


NEW QUESTION # 63
While planning a vulnerability assessment on a computer network, which of the following is essential? (Choose two.)

  • A. Identifying exposures
  • B. Running scanning tools
  • C. Establishing scope
  • D. Installing antivirus software
  • E. Identifying critical assets

Answer: A,C


NEW QUESTION # 64
Which of the following describes United States federal government cybersecurity policies and guidelines?

  • A. GDPR
  • B. ANSI
  • C. NERC
  • D. NIST

Answer: D


NEW QUESTION # 65
When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?

  • A. DNS cache
  • B. NAT table
  • C. ARP cache
  • D. CAM table

Answer: C

Explanation:
The host that owns the IP address sends an ARP reply message with its physical address. Each host machine maintains a table, called ARP cache, used to convert MAC addresses to IP addresses. Since ARP is a stateless protocol, every time a host gets an ARP reply from another host, even though it has not sent an ARP request for that reply, it accepts that ARP entry and updates its ARP cache. The process of updating a target host's ARP cache with a forged entry is referred to as poisoning.


NEW QUESTION # 66
Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)

  • A. Default port state
  • B. Default IP address
  • C. Default credentials
  • D. Default encryption
  • E. Default protocols

Answer: A,C


NEW QUESTION # 67
Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?

  • A. Backdoor
  • B. Rootkit
  • C. Logic bomb
  • D. Trojan

Answer: C


NEW QUESTION # 68
Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)

  • A. Brute force attack
  • B. Phishing
  • C. Distributed denial of service (DDoS) attack
  • D. Password guessing
  • E. Web crawling

Answer: A,B


NEW QUESTION # 69
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the ~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
"You seem tense. Take a deep breath and relax!"
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:\Temp\chill.exe:
Powershell.exe -Command "do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c "You seem tense. Take a deep breath and relax!");Start-Sleep -s 900) } while(1)"
Which of the following BEST represents what the attacker was trying to accomplish?

  • A. Taunt the user and then trigger a shutdown every 900 minutes.
  • B. Taunt the user and then trigger a reboot every 900 minutes.
  • C. Taunt the user and then trigger a shutdown every 15 minutes.
  • D. Taunt the user and then trigger a reboot every 15 minutes.

Answer: D


NEW QUESTION # 70
......
