Logical Operations CFR-210 CFR Exam Practice Test Instant Access

Question 1

To redact or obfuscate sensitive data, a company requires its name be changed throughout a port-incident report. Using a Linux sed command, which of the following will replace the company's name with ''Acme''?

A/Orange/Acme/g

Bs/Acme/Orange/g

C/Acme/Orange/g

Ds/Orange/Acme/g

Answer : D

Question 2

An administrator wants to block Java exploits that were not detected by the organization's antivirus product. Which of the following mitigation methods should an incident responder perform? (Choose two.)

AUtilize DNS filtering

BSend binary to AV vendor for analysis

CCreate a custom IPS signature

DImplement an ACL

EBlock the port on the firewall

Answer : C, E

Question 3

Organizations should exercise their Incident Response (IR) plan following initial creation. The primary objective for this first IR plan exercise is to identify:

Adeficiencies in cyber security incident response team skills.

Bgaps or overlaps in supporting processes and procedures.

Ccritical steps required in the case of an incident.

Dcapabilities required to improve response time.

Answer : D

Question 4

A SOC analyst reviews vendor security bulletins and security blog articles against the company's deployed system and software base. Based on current attack patterns, three vulnerabilities, including a zero-day vulnerability, have been upgraded to high priority. Which of the following should the SOC analyst recommend? (Choose two.)

AReboot affected servers

BImplement DNS filtering

CUpdate IPS rules

DImplement application whitelisting

EPatch affected systems

Answer : B, E

Question 5

An organization's public information website has been defaced. The incident response team is actively engaged in the following actions:

- Installing patches on the web server

- Turning off unnecessary services on web server

- Adding new ACL rules to the WAF

- Changing all passwords on web server accounts

Which of the following incident response phases is the team MOST likely conducting?

ARespond

BRecover

CContain

DIdentify

Answer : B

Question 6

Log review shows that large amounts of data are being sent to an IP address unassociated with the company. Which of the following migration techniques should be implemented?

ADNS filtering

BSystem hardening

CProxy

DIPS

Answer : A

Question 7

A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?

ANotify the user that their workstation is being confiscated to perform an investigation, providing no details as to the reasoning.

BConfiscate the workstation while the suspected employee is out of the office, andperform a search on the asset.

CConfiscate the workstation while the suspected employee is out of the office, and perform the search on bit-for-bit image of the hard drive.

DNotify the user that the workstation is being confiscated to perform an investigation, providing complete transparency as to the suspicions.

Answer : B

Logical Operations CFR-210 Certified CyberSec First Responder CFR Exam Practice Test