Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Logical Operations CyberSec First Responder

Last Update 7 hours ago Total Questions : 100

The Logical Operations CyberSec First Responder content is now fully updated, with all current exam questions added 7 hours ago. Deciding to include CFR-210 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our CFR-210 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these CFR-210 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Logical Operations CyberSec First Responder practice test comfortably within the allotted time.

Question # 11

When perpetrating an attack, there are often a number of phases attackers will undertake, sometimes taking place over a long period of time. Place the following phases in the correct chronological order from first (1) to last (5).

Question # 12

A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?

A.

Notify the user that their workstation is being confiscated to perform an investigation, providing no details as to the reasoning.

B.

Confiscate the workstation while the suspected employee is out of the office, andperform a search on the asset.

C.

Confiscate the workstation while the suspected employee is out of the office, and perform the search on bit-for-bit image of the hard drive.

D.

Notify the user that the workstation is being confiscated to perform an investigation, providing complete transparency as to the suspicions.

Question # 13

A hacker’s end goal is to target the Chief Financial Officer (CFO) of a bank. Which of the following describes this social engineering tactic?

A.

Vishing

B.

Pharming

C.

Spear phishing

D.

Whaling

Question # 14

Which of the following describes the MOST important reason for capturing post-attack metadata?

A.

To assist in updating the Business Continuity Plan

B.

To assist in writing a security magazine article

C.

To assist in fortification of defenses to prevent future attacks

D.

To assist in improving security awareness training

Question # 15

An alert has been triggered identifying a new application running on a Windows server. Which of the following tools can be used to identify the application? (Choose two.)

A.

traceroute

B.

nbstat

C.

Hex editor

D.

Task manager

E.

Process explorer

Question # 16

Which of the following is the reason that out-of-band communication is used during a security incident?

A.

The SMTP server may be compromised.

B.

The incident response systems may be busy.

C.

Other communication methods are unreliable.

D.

An attacker could be monitoring network traffic.

Question # 17

An incident responder has captured packets associated with malware. The source port is 8765 and the destination port is 7653. Which of the following commands should be used on the source computer to help determine which program is responsible for the connection?

A.

services.msc

B.

psexec

C.

msconfig

D.

fport

Question # 18

An attacker has decided to attempt a brute force attack on a UNIX server. In order to accomplish this, which of the following steps must be performed?

A.

Exfiltrate the shadow and SAM, run unshadow, and then runa password cracking utility on the output file.

B.

Exfiltrate the shadow and passwd, and then run a password cracking utility on both files.

C.

Exfiltrate the shadow and SAM, and then run a password cracking utility on both files.

D.

Exfiltrate the shadowand passwd, run unshadow, and then run a password cracking utility on the output file.

Question # 19

An organization’s public information website has been defaced. The incident response team is actively engaged in the following actions:

- Installing patches on the web server

- Turning off unnecessary services on web server

- Adding new ACL rules to the WAF

- Changing all passwords on web server accounts

Which of the following incident response phases is the team MOST likely conducting?

A.

Respond

B.

Recover

C.

Contain

D.

Identify

Question # 20

A file is discovered in the /etc directory of an internal server by an automated file integrity checker. A security analyst determines the file is a bash script. The contents are as follows:

---

#/bin/bash

IFS=:

[[-f/etc/passwd]] & & cat/etc/passwd |

while read a b c d e f g

do

echo “$e ($a)”

done

---

Which of the following was the author of the script attempting to gather?

A.

Home directory and shell

B.

Username and password hash

C.

User’s name and username

D.

UID and GID

Go to page: