
CFR-410 Online Practice Questions and Answers

Question 4

A security administrator is investigating a compromised host. Which of the following commands could the investigator use to display executing processes in real time?

A. ps

B. top

C. nice

D. pstree

Question 5

A cybersecurity expert assigned to be the IT manager of a middle-sized company discovers that there is little endpoint security implementation on the company's systems. Which of the following could be included in an endpoint security solution? (Choose two.)

A. Web proxy

B. Network monitoring system

C. Data loss prevention (DLP)

D. Anti-malware

E. Network Address Translation (NAT)

Question 6

An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?

A. Clear the ARP cache on their system.

B. Enable port mirroring on the switch.

C. Filter Wireshark to only show ARP traffic.

D. Configure the network adapter to promiscuous mode.

Question 7

A security investigator has detected an unauthorized insider reviewing files containing company secrets. Which of the following commands could the investigator use to determine which files have been opened by this user?

A. ls

B. lsof

C. ps

D. netstat

Question 8

In which of the following attack phases would an attacker use Shodan?

A. Scanning

B. Reconnaissance

C. Gaining access

D. Persistence

Question 9

During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?

A. Internet Relay Chat (IRC)

B. Dnscat2

C. Custom channel

D. File Transfer Protocol (FTP)

Question 10

A user receives an email about an unfamiliar bank transaction, which includes a link. When clicked, the link redirects the user to a web page that looks exactly like their bank's website and asks them to log in with their username and password. Which type of attack is this?

A. Whaling

B. Smishing

C. Vishing

D. Phishing

Question 11

After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?

A. Stealth scanning

B. Xmas scanning

C. FINS scanning

D. Port scanning

Question 12

A common formula used to calculate risk is: _____________ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?

A. Exploits

B. Security

C. Asset

D. Probability

Question 13

Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)

A. Web crawling

B. Distributed denial of service (DDoS) attack

C. Password guessing

D. Phishing

E. Brute force attack

Question 14

A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?

A. grep 20151124 security_log | grep -c "login failure"

B. grep 20150124 security_log | grep "login_failure"

C. grep 20151124 security_log | grep "login"

D. grep 20151124 security_log | grep -c "login"

Question 15

When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?

A. DNS cache

B. ARP cache

C. CAM table

D. NAT table

Question 16

Which of the following describes United States federal government cybersecurity policies and guidelines?

A. NIST

B. ANSI

C. NERC

D. GDPR

Question 17

Which of the following enables security personnel to have the BEST security incident recovery practices?

A. Crisis communication plan

B. Disaster recovery plan

C. Occupant emergency plan

D. Incident response plan

Question 18

The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)

A. Providing a briefing to management

B. Updating policies and procedures

C. Training staff for future incidents

D. Investigating responsible staff

E. Drafting a recovery plan for the incident

Exam Code: CFR-410
Exam Name: CyberSec First Responder (CFR)
Last Update: May 03, 2024
Questions: 100 Q&As
