
CFR-410 Online Practice Questions and Answers

Questions 4

Which of the following technologies would reduce the risk of a successful SQL injection attack?

A. Reverse proxy

B. Web application firewall

C. Stateful firewall

D. Web content filtering

Questions 5

A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?

A. nbtstat

B. WinDump

C. fport

D. netstat

Questions 6

A network administrator has determined that network performance has degraded due to excessive use of social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?

A. Whitelisting

B. Web content filtering

C. Network segmentation

D. Blacklisting

Questions 7

Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?

A. Logic bomb

B. Rootkit

C. Trojan

D. Backdoor

Questions 8

A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?

A. Scanning email server for vulnerabilities

B. Conducting security awareness training

C. Hardening the Microsoft Exchange Server

D. Auditing account password complexity

Questions 9

As part of an organization's regular maintenance activities, a security engineer visits the Internet Storm Center advisory page to obtain the latest list of blacklisted host/network addresses. The security engineer does this to perform which of the following activities?

A. Update the latest proxy access list

B. Monitor the organization's network for suspicious traffic

C. Monitor the organization's sensitive databases

D. Update access control list (ACL) rules for network devices

Questions 10

An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?

A. Geolocation

B. False positive

C. Geovelocity

D. Advanced persistent threat (APT) activity

Questions 11

Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?

A. IPS logs

B. DNS logs

C. SQL logs

D. SSL logs

Questions 12

While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization's server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?

A. cat * | cut -d ',' -f 2,5,7

B. more * | grep

C. diff

D. sort *

Questions 13

Organizations considered "covered entities" are required to adhere to which compliance requirement?

A. Health Insurance Portability and Accountability Act of 1996 (HIPAA)

B. Payment Card Industry Data Security Standard (PCI DSS)

C. Sarbanes-Oxley Act (SOX)

D. International Organization for Standardization (ISO) 27001

Questions 14

Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)

A. Disk duplicator

B. EnCase

C. dd

D. Forensic Toolkit (FTK)

E. Write blocker

Questions 15

An incident at a government agency has occurred and the following actions were taken:

- Users have regained access to email accounts

- Temporary VPN services have been removed

- Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated

- Temporary email servers have been decommissioned

Which of the following phases of the incident response process match the actions taken?

A. Containment

B. Post-incident

C. Recovery

D. Identification

Questions 16

Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?

A. Securing and evaluating the electronic crime scene.

B. Transporting the evidence to the forensics lab

C. Packaging the electronic device

D. Conducting preliminary interviews

Questions 17

While planning a vulnerability assessment on a computer network, which of the following is essential? (Choose two.)

A. Identifying exposures

B. Identifying critical assets

C. Establishing scope

D. Running scanning tools

E. Installing antivirus software

Questions 18

An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?

A. Internet Message Access Protocol (IMAP)

B. Network Basic Input/Output System (NetBIOS)

C. Database

D. Network Time Protocol (NTP)

Exam Code: CFR-410
Exam Name: CyberSec First Responder
Last Update: Mar 13, 2025
Questions: 100 Q&As
