Free CyberSec First Responder Exam CFR-410 Exam Practice Test

Which of the following technologies would reduce the risk of a successful SQL injection attack?

• Reverse proxy
• Web application firewall
• Stateful firewall
• Web content filtering

An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?

• Data loss prevention (DLP)
• Firewall
• Web proxy
• File integrity monitoring

Various logs are collected for a data leakage case to make a forensic analysis. Which of the following areMOST important for log integrity? (Choose two.)

• Hash value
• Time stamp
• Log type
• Modified date/time
• Log path

During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation todetermine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?

• iperf, traceroute, whois, ls, chown, cat
• iperf, wget, traceroute, dc3dd, ls, whois
• lsof, chmod, nano, whois, chown, ls
• lsof, ifconfig, who, ps, ls, tcpdump

A government organization responsible for critical infrastructure is being attacked and files on the server been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)

• Notifying law enforcement
• Notifying the media
• Notifying a national compute emergency response team (CERT) or cybersecurity incident response team (CSIRT)
• Notifying the relevant vendor
• Notifying a mitigation expert

An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has beencompromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?

• Geolocation
• False positive
• Geovelocity
• Advanced persistent threat (APT) activity

While performing routing maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?

• Expanding access
• Covering tracks
• Scanning
• Persistence

An unauthorized network scan may be detected by parsing network sniffer data for:

• IP traffic from a single IP address to multiple IP addresses.
• IP traffic from a single IP address to a single IP address.
• IP traffic from multiple IP addresses to a single IP address.
• IP traffic from multiple IP addresses to other networks.

A company that maintains a public city infrastructure was breached and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would bePRIMARY focus of the incident response team?

• Restore service and eliminate the business impact.
• Determine effective policy changes.
• Inform the company board about the incident.
• Contact the city police for official investigation.

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

• iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
• iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT
• iptables -A INPUT -p tcp --dport 25 -j DROP
• iptables -A INPUT -p tcp --destination-port 21 -j DROP
• iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP