Pass the Logical Operations CyberSec First Responder CFR-210 Questions and answers with CertsForce

Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions
Questions # 21:

When perpetrating an attack, there are often a number of phases attackers will undertake, sometimes taking place over a long period of time. Place the following phases in the correct chronological order from first (1) to last (5).

Questions # 22:

While a network administrator is monitoring the company network, an unknown local IP address is starting to release high volumes of anonymous traffic to an unknown external IP address. Which of the following would indicate to the network administrator potential compromise?

Options:

A. Packet losses
B. Excessive bandwidth usage
C. Service disruption
D. Off-hours usage


Questions # 23:

An organization’s firewall has recently been bombarded with an excessive amount of failed requests. A security analyst has been tasked with providing metrics on any failed attempts to ports above 1000. Which of the following regular expressions will work BEST to identify an IP address with the desired port range?

Options:

A. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):({4,5}\d+)\b/
B. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):([4]\D+)\b/
C. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):([4]\d+)\b/
D. /\b^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5})\b/


Questions # 24:

From a compromised system, an attacker bypasses a proxy server and sends a large amount of data to a remote location. A security analyst is tasked with finding the conduit that was used by the attacker to bypass the proxy. Which of the following Windows tools should be used to find the conduit?

Options:

A. net
B. fport
C. nbstat
D. netstat


Questions # 25:

Which of the following protocols can be used for data extension?

Options:

A. SNMP
B. DNS
C. ARP
D. DHCP


Questions # 26:

Which of the following are legally compliant forensics applications that will detect ADS or a file with an incorrect file extension? (Choose two.)

Options:

A. Regedit
B. EnCase
C. dd
D. FTK
E. Procmon


Questions # 27:

A network administrator has been asked to configure a new network. It is the company’s policy to segregate network functions using different Virtual LANs (VLANs). On which of the following is this configuration MOST likely to occur?

Options:

A. Network switch
B. Virtual Machine
C. Virtual Private Network
D. Network firewall


Questions # 28:

An attacker performs reconnaissance on a Chief Executive Officer (CEO) using publicly available resources to gain access to the CEO’s office. The attacker was in the CEO’s office for less than five minutes, and the attack left no traces in any logs, nor was there any readily identifiable cause for the exploit. The attacker is then able to use numerous credentials belonging to the CEO to conduct a variety of further attacks. Which of the following types of exploit is described?

Options:

A. Pivoting
B. Malicious linking
C. Whaling
D. Keylogging


Questions # 29:

Which of the following commands should be used to print out ONLY the second column of items in the following file?

Source_File.txt

Alpha Whiskey
Bravo Tango
Charlie Foxtrot
Echo Oscar
Delta Roger

Options:

A. cut -d " " -f2 source_file.txt
B. cut -b7-15 source_file.txt
C. cut -d " " -f2 Source_File.txt
D. cut -c6-12 Source_File.txt


Questions # 30:

Drag and drop the following steps in the correct order from first (1) to last (7) that a forensic expert would follow based on data analysis in a Windows system.

