Logical Operations CyberSec First Responder (CFR-210) Free Practice Test

Question 1

Network engineering has reported low bandwidth during working hours. The incident response team is
currently investigating several anomalous activities that may be related . Which of the following is the
MOST appropriate method to further investigate this problem?

A. Imaging hard disk drives of computers on the network

B. Collecting and analyzing computer logs

C. Capturing network traffic and packet analysis

D. Penetration testing and port scanning

Correct Answer: C

Question 2

During a network-based attack, which of the following data sources will provide the BEST data to quickly
determine the attacker's point of origin? (Choose two.)

A. Firewall logs

B. IDS/IPS logs

C. WIPS logs

D. System logs

E. DNS logs

Correct Answer: A,E

Question 3

Which of the following enables security personnel to have the BEST security incident recovery practices?

A. Occupant emergency plan

B. Disaster recovery plan

C. Crisis communication plan

D. Cyber incident response plan

Correct Answer: D

Question 4

An organization needs to determine of any systems on its network (10.0.25.0/24) have web services
running on port 80 or 443. Which of the following is the BEST command to do this?

A. nmap -v 80,443 10.0.25.0/24

B. nmap -p 80,443 10.0.25.0/24

C. netstat -v 80,443 10.0.25.0/24

D. netstat -p 80-443 10.0.25.0/24

Correct Answer: C

Question 5

A malicious actor sends a crafted email to the office manager using personal information collected from
social media. This type of social engineering attack is known as:

A. phishing

B. whaling

C. spear phishing

D. vishing

Correct Answer: A

Question 6

A malicious attacker has compromised a database by implementing a Python-based script that will automatically establish an SSH connection daily between the hours of 2:00am and 5:00am.
Which of the following is the MOST common motive for the attack vector that was used?

A. Pivoting

B. Lateral movement

C. Exfiltration

D. Persistence/maintaining access

Correct Answer: B

Question 7

An incident responder notices many entries in an apache access log file that contain semicolons.
Which of the following attacks is MOST likely being attempted?

A. Remote file inclusion

B. Account brute force

C. SQL injection

D. Cross-site scripting

Correct Answer: C

Question 8

Which of the following describes the MOST important reason for capturing post-attack meta data?

A. To assist in fortification of defenses to prevent future attacks

B. To assist in writing a security magazine article

C. To assist in improving security awareness training

D. To assist in updating the Business Continuity Plan

Correct Answer: A

Question 9

A hacker's end goal is to target the Chief Financial Officer (CFO) of a bank. Which of the following
describes this social engineering tactic?

A. Spear phishing

B. Vishing

C. Pharming

D. Whaling

Correct Answer: D

Question 10

From a compromised system, an attacker bypasses a proxy server and sends a large amount of data to a
remote location. A security analyst is tasked with finding the conduit that was used by the attacker to
bypass the proxy. Which of the following Windows tools should be used to find the conduit?

A. fport

B. nbstat

C. netstat

D. net

Correct Answer: C

Welcome to TestSimulate

Logical Operations CyberSec First Responder (CFR-210) Free Practice Test