
Valid CertNexus Certification CFR-410 Dumps Ensure Your Passing
CFR-410 Dumps Real Exam Questions Test Engine Dumps Training
NEW QUESTION # 44
A security investigator has detected an unauthorized insider reviewing files containing company secrets.
Which of the following commands could the investigator use to determine which files have been opened by this user?
- A. netstat
- B. lsof
- C. ls
- D. ps
Answer: B
NEW QUESTION # 45
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the
~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
"You seem tense. Take a deep breath and relax!"
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:
\Temp\chill.exe:Powershell.exe -Command "do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c "You seem tense. Take a deep breath and relax!");Start-Sleep -s 900) } while(1)" Which of the following BEST represents what the attacker was trying to accomplish?
- A. Taunt the user and then trigger a shutdown every 900 minutes.
- B. Taunt the user and then trigger a reboot every 15 minutes.
- C. Taunt the user and then trigger a shutdown every 15 minutes.
- D. Taunt the user and then trigger a reboot every 900 minutes.
Answer: B
NEW QUESTION # 46
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
- A. nbtstat
- B. fport
- C. netstat
- D. WinDump
Answer: C
NEW QUESTION # 47
A company website was hacked via the following SQL query:
email, passwd, login_id, full_name FROM members
WHERE email = "[email protected]"; DROP TABLE members; -"
Which of the following did the hackers perform?
- A. Deleted the entire members table
- B. Cleared tracks of [email protected] entries
- C. Deleted the email password and login details
- D. Performed a cross-site scripting (XSS) attack
Answer: C
NEW QUESTION # 48
During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?
- A. Persistence
- B. Gaining access
- C. Scanning
- D. Reconnaissance
Answer: C
NEW QUESTION # 49
Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B.
Which of the
following threat motives does this MOST likely represent?
- A. Reputation/recognition
- B. Desire for power
- C. Desire for financial gain
- D. Association/affiliation
Answer: C
NEW QUESTION # 50
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?
- A. False positive
- B. Advanced persistent threat (APT) activity
- C. Geolocation
- D. Geovelocity
Answer: D
NEW QUESTION # 51
Detailed step-by-step instructions to follow during a security incident are considered:
- A. Policies
- B. Standards
- C. Guidelines
- D. Procedures
Answer: D
NEW QUESTION # 52
Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
- A. Documenting exceptions
- B. Updating configurations
- C. Generating reports
- D. Installing patches
- E. Conducting audits
Answer: B,D
NEW QUESTION # 53
An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
- A. Capture network traffic for analysis.
- B. Isolate devices from the network.
- C. Make an incident response plan.
- D. Prepare incident response tools.
Answer: A
NEW QUESTION # 54
Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
- A. Security and evaluating the electronic crime scene.
- B. Packaging the electronic device
- C. Transporting the evidence to the forensics lab
- D. Conducting preliminary interviews
Answer: B
NEW QUESTION # 55
An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?
- A. File integrity monitoring
- B. Web proxy
- C. Data loss prevention (DLP)
- D. Firewall
Answer: C
NEW QUESTION # 56
During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?
- A. Anti-forensic techniques
- B. System optimization techniques
- C. System hardening techniques
- D. Defragmentation techniques
Answer: A
NEW QUESTION # 57
During an incident, the following actions have been taken:
- Executing the malware in a sandbox environment
- Reverse engineering the malware
- Conducting a behavior analysis
Based on the steps presented, which of the following incident handling processes has been taken?
- A. Eradication
- B. Containment
- C. Recovery
- D. Identification
Answer: B
Explanation:
The "Containment, eradication and recovery" phase is the period in which incident response team tries to contain the incident and, if necessary, recover from it (restore any affected resources, data and/or processes).
NEW QUESTION # 58
An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?
- A. Database
- B. Network Time Protocol (NTP)
- C. Internet Message Access Protocol (IMAP)
- D. Network Basic Input/Output System (NetBIOS)
Answer: A
NEW QUESTION # 59
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
- A. Conducting security awareness training
- B. Hardening the Microsoft Exchange Server
- C. Auditing account password complexity
- D. Scanning email server for vulnerabilities
Answer: D
NEW QUESTION # 60
An incident responder has collected network capture logs in a text file, separated by five or more data fields.
Which of the following is the BEST command to use if the responder would like to print the file (to terminal/ screen) in numerical order?
- A. sort -n
- B. more
- C. less
- D. cat | tac
Answer: A
NEW QUESTION # 61
......
The CFR-410 certification program is an essential qualification for professionals looking to advance their career in the field of cybersecurity. The certification provides a comprehensive understanding of how to respond to cybersecurity threats and incidents in real-time. Individuals who have achieved the CFR-410 certification can demonstrate their expertise in this area and are more likely to be considered for senior cybersecurity roles.
CertNexus CFR-410: Selling CertNexus Certification Products and Solutions: https://www.itexamdownload.com/CFR-410-valid-questions.html
CFR-410 exam dumps and online Test Engine: https://drive.google.com/open?id=1VX4N_ryialyUWVWvG06qafMHSTOC-Shy