CertNexus CyberSec First Responder (CFR) (CFR-310) Free Practice Test

Question 1

During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?

A. Identifying critical assets

B. Performing a vulnerability scan

C. Conducting post-assessment tasks

D. Determining scope

Correct Answer: A

Question 2

Which of the following enables security personnel to have the BEST security incident recovery practices?

A. Incident response plan

B. Occupant emergency plan

C. Disaster recovery plan

D. Crisis communication plan

Correct Answer: C

Question 3

A common formula used to calculate risk is:+ Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?

A. Probability

B. Exploits

C. Security

D. Asset

Correct Answer: D

Question 4

Which of the following would MOST likely make a Windows workstation on a corporate network vulnerable to remote exploitation?

A. Disabling Windows Firewall

B. Enabling Remote Registry

C. Enabling Remote Desktop

D. Disabling Windows Updates

Correct Answer: C

Question 5

Nmap is a tool most commonly used to:

A. Perform network and port scanning

B. Scan web applications

C. Determine who is logged onto a host

D. Map a route for war-driving

Correct Answer: A

Question 6

An incident response team is concerned with verifying the integrity of security information and event management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?

A. Source validation

B. Log hashing

C. Time synchronization

D. Field name consistency

Correct Answer: C

Question 7

A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?

A. # tcpdump -i eth0 src 88.143.12.123

B. # tcpdump -i eth0 host 192.168.10.121

C. # tcpdump -i eth0 host 88.143.12.123

D. # tcpdump -i eth0 dst 88.143.12.123

Correct Answer: D

Question 8

An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?

A. Firewall

B. Data loss prevention (DLP)

C. Web proxy

D. File integrity monitoring

Correct Answer: B

Question 9

A security professional discovers a new ransomware strain that disables antivirus on the endpoint during an infection. Which location would be the BEST place for the security professional to find technical information about this malware?

A. Computer emergency response team (CERT) press releases

B. Vulnerability databases

C. Threat intelligence feeds

D. Social network sites

Correct Answer: C

Question 10

A network administrator has determined that network performance has degraded due to excessive use of social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?

A. Whitelisting

B. Blacklisting

C. Web content filtering

D. Network segmentation

Correct Answer: C

Welcome to TestSimulate

CertNexus CyberSec First Responder (CFR) (CFR-310) Free Practice Test