Free CyberSec First Responder Exam CFR-410 Exam Practice Test

Tcpdump is a tool that can be used to detect which of the following indicators of compromise?

• Unusual network traffic
• Unknown open ports
• Poor network performance
• Unknown use of protocols

An incident response team is concerned with verifying the integrity of security information and eventmanagement (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?

• Time synchronization
• Log hashing
• Source validation
• Field name consistency

Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?

• Application
• Users
• Network infrastructure
• Configuration files

During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation todetermine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?

• iperf, traceroute, whois, ls, chown, cat
• iperf, wget, traceroute, dc3dd, ls, whois
• lsof, chmod, nano, whois, chown, ls
• lsof, ifconfig, who, ps, ls, tcpdump

An incident handler is assigned to initiate an incident response for a complex network that has been affectedby malware. Which of the following actions should be taken FIRST?

• Make an incident response plan.
• Prepare incident response tools.
• Isolate devices from the network.
• Capture network traffic for analysis.

An automatic vulnerability scan has been performed. Which is the next step of the vulnerability assessment process?

• Hardening the infrastructure
• Documenting exceptions
• Assessing identified exposures
• Generating reports

To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)

• Changing the default password
• Updating the device firmware
• Setting up new users
• Disabling IPv6
• Enabling the firewall

When performing an investigation, a security analyst needs to extract information from text files in a Windows operating system. Which of the following commands should the security analyst use?

• findstr
• grep
• awk
• sigverif

Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

• Evidence bags
• Lock box
• Caution tape
• Security envelope
• Secure rooms
• Faraday boxes

Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?

• Logic bomb
• Rootkit
• Trojan
• Backdoor