CFR-410 Practice Exam Questions with Answers CyberSec First Responder Certification

A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of “armageddon.exe” along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?

After a security breach, a security consultant is hired to perform a vulnerability assessment for a company’s web application. Which of the following tools would the consultant use?

When attempting to determine which system or user is generating excessive web traffic, analysis of which of

the following would provide the BEST results?

Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?

Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

Which of the following security best practices should a web developer reference when developing a new web- based application?

A security investigator has detected an unauthorized insider reviewing files containing company secrets.

Which of the following commands could the investigator use to determine which files have been opened by this user?

Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)

An unauthorized network scan may be detected by parsing network sniffer data for:

During an incident, the following actions have been taken:

-Executing the malware in a sandbox environment

-Reverse engineering the malware

-Conducting a behavior analysis

Based on the steps presented, which of the following incident handling processes has been taken?