最新的Logical Operations Certification認證 CFR-210考試題庫

問題1

DRAG DROP
Drag and drop the following steps to perform a successful social engineering attack in the correct order,
from first (1) to last (6).

正確答案:

問題2

A security auditor has been asked to analyze event logs to look for signs of suspicious behavior. The
company operated on a normal workday schedule (e.g., Monday through Friday, 8 am- 5 pm) and has
implemented stringent access control policies (e .g. password complexity, failed login attempts).
Which of the following provides the MOST reason for concern?

A. Two failed login attempts followed by a successful login in short succession.

B. Regularly occurring system calls taking place every day at midnight.

C. A single instance of failed read attempts on a protected directory structure.

D. 15 failed login attempts taking place at 9 am.

正確答案: D

問題3

An alert has been triggered identifying a new application running on a Windows server. Which of the
following tools can be used to identify the application? (Choose two.)

A. Process explorer

B. Task manager

C. nbstat

D. Hex editor

E. traceroute

正確答案: A,B

問題4

A logfile generated from a Windows server was moved to a Linux system for further analysis. A system
administrator is now making edits to the file with vi and notices the file contains numerous instances of
Ctrl-M (AM) characters. Which of the following command line tools is the administrator MOST likely to use
to remove these characters from the logfile? (Choose two.)

A. awk

B. unix2dos

C. cut

D. tr

E. cat

正確答案: D,E

問題5

A user reports a pop-up error when starting a Windows machine. The error states that the machine has
been infected with a virus and instructs the user to download a new antivirus client. In which of the
following locations should the incident responder check to find what is generating the error message?
(Choose two.)

A. Browser history

B. Programs and Features

C. Event Viewer

D. Auto-start registry keys

E. Device Manager

正確答案: C,D

問題6

DRAG DROP
Drag and drop the following steps in the correct order from first (1) to last (7) that a forensic expert would
follow based on data analysis in a Windows system.

正確答案:

問題7

During a malware outbreak, a security analyst has been asked to capture network traffic in hourly
increments for analysis by the incident response team . Which of the following tcpdump commands would
generate hourly pcap files?

A. tcpdump -nn -i eth0 -w output.pcap -c 100 -W 10

B. tcpdump -nn -i eth0 -w output.pcap -W 24

C. tcpdump -nn -i eth0 -w output.pcap

D. tcpdump -nn -i eth0 -w output.pcap -G 3600 -W 14

正確答案: B

問題8

A DMZ web server has been compromised. During the log review, the incident responder wants to parse all common internal Class A addresses from the log.
Which of the following commands should the responder use to accomplish this?

A. grep -x"(10.[0-9]+.[0-9]+.[0-9]+)" etc/rc.d/apache2/access.log I output.txt

B. grep -x"(192.168.[0.9]+[0-9])" bin/apache2/access.log I output.txt

C. grep -v"(10.[0-9]+.[0-9]+.[0-9]+)" /var/log/apache2/access.log > output.txt

D. grep -v"(192.168.[0.9]+[0-9]+)" /var/log/apache2/access.log > output.txt

正確答案: C

問題9

Which of the following mitigations will remain intact, regardless of the underlying network protocol?

A. Application whitelisting

B. IP address blocking

C. Proxy ACL

D. DNS filtering

正確答案: D

問題10

An organization performs regular updates to its network devices to alert and prevent access to streaming
media sites by the employees. Each device will send logs and alerts to a centralized server for storage,
archive, and analysis. Which of the following BEST describes the system that is correlating the data found
in all alerts and logs?

A. SIEM

B. HIPS

C. WIPS

D. NIDS

正確答案: A

最新的Logical Operations CyberSec First Responder - CFR-210免費考試真題

最新更新

站內鏈接

聯系我們