3 Months Free Update
An incident responder notices many entries in an apache access log file that contain semicolons. Which of the following attacks is MOST likely being attempted?
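As an added example (not part of the original question set), the following Python script shows the check a responder would actually run over an Apache access log to test the command-injection hypothesis: parse each combined-format line, URL-decode the request target, and flag shell metacharacters (`;`, `||`, `&&`, `|`, backtick, `$(`) in the query string. The log lines are constructed samples, and the split between path and query is an assumption made here so that legitimate path parameters such as `;jsessionid=` are not reported as attacks.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/ping.sh?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 200 512 "-" "curl/7.88.1"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /app/list;jsessionid=ABC123 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:10 +0000] "POST /upload.php?name=x%7C%7Cwhoami HTTP/1.1" 500 0 "-" "curl/7.88.1"
"""

# Fields of one combined-format line that matter for this check.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Shell metacharacters that typically show up in OS command injection payloads.
META_RE = re.compile(r'(;|\|\||&&|\||`|\$\()')


def parse_line(line):
    """Return the parsed fields of one log line (with the URL-decoded target), or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["decoded"] = unquote(rec["target"])  # %20, %7C etc. hide metacharacters
    return rec


def flag_command_injection(log_text):
    """Return (ip, decoded_target, sorted metacharacters) for each suspicious request.

    Only the query string is examined: a ';' in the path is usually a legitimate
    path parameter (e.g. ';jsessionid=...'), whereas a ';' inside a parameter value
    that reaches a shell is the classic injection sign.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _path, _sep, query = rec["decoded"].partition("?")
        found = META_RE.findall(query)
        if found:
            hits.append((rec["ip"], rec["decoded"], sorted(set(found))))
    return hits


if __name__ == "__main__":
    for ip, target, meta in flag_command_injection(SAMPLE_LOG):
        print(f"{ip}\t{meta}\t{target}")
```

Two of the four constructed lines are reported (the `;cat /etc/passwd` and the `||whoami` payloads); the `;jsessionid=` request is not, because the semicolon sits in the path rather than in a parameter value. A real triage would still review unflagged lines, since injection can also arrive in POST bodies and headers that the access log does not record.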
A forensics analyst is analyzing an executable and thinks it may have some text of interest hidden within it. Which of the following tools can the analyst use to assist in validating the suspicion?
A network administrator has been asked to configure a new network. It is the company’s policy to segregate network functions using different Virtual LANs (VLANs). On which of the following is this configuration MOST likely to occur?
Drag and drop the following steps in the correct order from first (1) to last (7) that a forensic expert would follow based on data analysis in a Windows system.
Customers are reporting issues connecting to a company’s Internet server. Which of the following device logs should a technician review in order to help identify the issue?
An incident responder suspects that a host behind a firewall is infected with malware. Which of the following should the responder use to find the IP address of the infected machine?
A user reports a pop-up error when starting a Windows machine. The error states that the machine has been infected with a virus and instructs the user to download a new antivirus client. In which of the following locations should the incident responder check to find what is generating the error message? (Choose two.)
Which of the following could an attacker use to perpetrate a social engineering attack? (Choose two.)
A SOC analyst reviews vendor security bulletins and security blog articles against the company’s deployed system and software base. Based on current attack patterns, three vulnerabilities, including a zero-day vulnerability, have been upgraded to high priority. Which of the following should the SOC analyst recommend? (Choose two.)
Drag and drop the following steps to perform a successful social engineering attack in the correct order, from first (1) to last (6).
A suspicious laptop is found in a datacenter. The laptop is on and processing data, although there is no application open on the screen. Which of the following BEST describes a Windows tool and technique that an investigator should use to analyze the laptop’s RAM for working applications?
Which of the following enables security personnel to have the BEST security incident recovery practices?
An attacker has sent malicious macro-enabled Office files. Which of the following regular expressions will return a list of macro-enabled files?
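As an added example (not part of the original question set), the following Python code shows how to build and apply such a regular expression and, as the caveat a practitioner would want, why an extension match alone is not enough. Macro-enabled Office Open XML files use extensions ending in `m` (`.docm`, `.xlsm`, `.pptm`, and the template and add-in variants); a renamed file will evade that regex, so the second check opens the container as a ZIP and looks for the `vbaProject.bin` part that holds the VBA project. The file list and the in-memory containers are constructed here for illustration, not real attachments.

```python
import io
import re
import zipfile

# Macro-enabled OOXML extensions: documents, templates and add-ins that end in "m".
MACRO_EXT_RE = re.compile(r'\.(?:doc|dot|xls|xlt|xla|ppt|pot|pps|ppa)m$', re.IGNORECASE)

# The VBA project is stored as a part named vbaProject.bin inside the OOXML ZIP.
VBA_PART_RE = re.compile(r'(?:^|/)vbaProject\.bin$', re.IGNORECASE)

# Constructed file list; the .zip entry shows why the anchor '$' matters.
SAMPLE_FILES = [
    "invoice.docm", "report.docx", "budget.XLSM", "deck.pptm",
    "notes.txt", "archive.docm.zip", "legacy.doc",
]


def macro_enabled_by_name(filenames):
    """Return the names whose extension marks them as macro-enabled Office files."""
    return [name for name in filenames if MACRO_EXT_RE.search(name)]


def has_vba_project(data):
    """Return True if the bytes are an OOXML (ZIP) container with a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(VBA_PART_RE.search(n) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a ZIP container at all (e.g. legacy binary .doc or plain text)


def make_sample_ooxml(with_macro):
    """Build a minimal constructed OOXML-like container; not a real Office document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()


if __name__ == "__main__":
    print(macro_enabled_by_name(SAMPLE_FILES))
    print(has_vba_project(make_sample_ooxml(True)), has_vba_project(make_sample_ooxml(False)))
```

The name check returns only `invoice.docm`, `budget.XLSM` and `deck.pptm`. Note that `legacy.doc` is not matched even though the legacy binary formats can also carry macros; those need a content check (for example with a tool that parses OLE streams) rather than an extension rule, and a `.docx` renamed from `.docm` is caught only by the `vbaProject.bin` check.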
Which of the following describes the MOST important reason for capturing post-attack metadata?
An incident responder is investigating a Linux server reported to be “behaving strangely”. Which of the following commands should the incident responder use to identify any users currently logged into the system? (Choose two.)
During an annual penetration test, several rootkit-enabled systems are found to be exfiltrating data. The penetration test team and the internal incident response team work to begin cleanup. The company's operations team offers a new email server to use for communications during the incident. As cleanup continues, the attackers seem to know exactly what the incident response plan is. Which of the following will prevent the attackers from compromising cleanup activities?
During the course of an investigation, an incident responder discovers illegal material on a user’s hard drive. Which of the following is the incident responder’s MOST important next step?
An incident responder needs to quickly locate specific data in a large data repository. Which of the following Linux tools should be used?
During an investigation on a Windows 10 system, a system administrator needs to analyze Windows event logs related to CD/DVD-burning activities. In which of the following paths will the system administrator find these logs?
A Windows system user reports seeing a command prompt window pop up briefly during each login. In which of the following locations would an incident responder check to explain this activity?
A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?
Log review shows that large amounts of data are being sent to an IP address unassociated with the company. Which of the following mitigation techniques should be implemented?
During the identification phase, it is discovered that port 23 is being used maliciously. Which of the following system hardening techniques should be used to remediate the issue?