Download CyberSec First Responder.CFR-210.PracticeTest.2018-08-17.53q.vcex

Vendor: Logical Operations
Exam Code: CFR-210
Exam Name: CyberSec First Responder
Date: Aug 17, 2018
File Size: 2 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
A malicious actor sends a crafted email to the office manager using personal information collected from social media. This type of social engineering attack is known as:
  1. spear phishing
  2. vishing
  3. phishing
  4. whaling
Correct answer: C
Explanation:
Reference:https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams
Reference:https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams
Question 2
A computer attacker has compromised a system by implanting a script that will send 10B packages over port 150. This port is also used for sending heartbeat messages to a central monitoring server. Which of the following BEST describes the tactic used to execute this attack?
  1. Covert channels
  2. Logic bomb
  3. Backdoors
  4. ICMP redirect
Correct answer: A
Explanation:
Reference:https://www.techopedia.com/definition/10255/covert-channel
Reference:https://www.techopedia.com/definition/10255/covert-channel
Question 3
Which of the following techniques allows probing firewall rule sets and finding entry points into a targeted system or network?
  1. Distributed checksum clearinghouse
  2. Firewall fingerprinting
  3. Network enumeration
  4. Packet crafting
Correct answer: D
Explanation:
Reference:https://en.wikipedia.org/wiki/Packet_crafting
Reference:https://en.wikipedia.org/wiki/Packet_crafting
Question 4
A security professional has been tasked with the protection of a specific set of information essential to a corporation’s livelihood, the exposure of which could cost the company billions of dollars in long-term revenue. The professional is interested in obtaining advice for preventing the theft of this type of information. 
Which of the following is the BEST resource for finding this material?
  1. Law enforcement information sharing groups
  2. National Threat Assessment Center
  3. Vendor web pages that provide intelligence feeds and advisories
  4. Blogs concerning the theft of PII
Correct answer: A
Explanation:
Reference:https://www.ise.gov/law-enforcement-information-sharing
Reference:https://www.ise.gov/law-enforcement-information-sharing
Question 5
When determining the threats/vulnerabilities to migrate, it is important to identify which are applicable. Which of the following is the FIRST step to determine applicability?
  1. Review online vulnerability database
  2. Limit and control network ports, protocols, and services.
  3. Continuously assess and remediate vulnerabilities.
  4. Conduct an assessment of the system infrastructure.
Correct answer: D
Explanation:
Reference:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Reference:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Question 6
Which of the following describes pivoting?
  1. Copying captured data to a hacker’s system
  2. Performing IP packet inspection
  3. Generating excessive network traffic
  4. Accessing another system from a compromised system
Correct answer: D
Explanation:
Reference:https://www.offensive-security.com/metasploit-unleashed/pivoting/
Reference:https://www.offensive-security.com/metasploit-unleashed/pivoting/
Question 7
A malicious attacker has compromised a database by implementing a Python-based script that will automatically establish an SSH connection daily between the hours of 2:00 am and 5:00 am. Which of the following is the MOST common motive for the attack vector that was used?
  1. Pivoting
  2. Persistence/maintaining access
  3. Exfiltration
  4. Lateral movement
Correct answer: D
Explanation:
Reference: Reference:http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf
Reference: Reference:http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf
Question 8
Which of the following tools can be used to identify open ports and services?
  1. netstat
  2. tcpdump
  3. nmap
  4. recon-ng
Correct answer: A
Explanation:
Reference:https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps
Reference:https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps
Question 9
A high-level government official uses anonymous bank accounts to transfer a requested amount of funds to individuals in another country. These individuals are known for defacing government websites and exfiltrating sensitive data. Which of the following BEST describes the involved threat actors?
  1. State-sponsored hackers
  2. Gray hat hackers
  3. Hacktivists
  4. Cyber terrorists
Correct answer: D
Explanation:
Reference:http://www.fintrac.gc.ca/publications/guide/guide2/2-eng.asp
Reference:http://www.fintrac.gc.ca/publications/guide/guide2/2-eng.asp
Question 10
Which of the following are reasons that a hacker would execute a DoS or a DDoS attack? (Choose two.)
  1. To determine network bandwidth
  2. To distract the incident response team
  3. To distract the remediation team
  4. To promote business operations
  5. To compromise a system and reuse the IP address
Correct answer: AB
Explanation:
Reference:https://en.wikipedia.org/wiki/Denial-of-service_attack
Reference:https://en.wikipedia.org/wiki/Denial-of-service_attack
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!