Download CyberSec First Responder.CFR-210.TestKing.2018-11-30.57q.vcex
| Vendor: | Logical Operations |
| Exam Code: | CFR-210 |
| Exam Name: | CyberSec First Responder |
| Date: | Nov 30, 2018 |
| File Size: | 2 MB |
How to open VCEX files?
Files with VCEX extension can be opened by ProfExam Simulator.
Discount: 20%
Demo Questions
Question 1
A malicious actor sends a crafted email to the office manager using personal information collected from social media. This type of social engineering attack is known as:
- spear phishing
- vishing
- phishing
- whaling
Correct answer: C
Explanation:
Reference:https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams Reference:https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams
Question 2
A computer attacker has compromised a system by implanting a script that will send 10B packages over port 150. This port is also used for sending heartbeat
messages to a central monitoring server. Which of the following BEST describes the tactic used to execute this attack?
- Covert channels
- Logic bomb
- Backdoors
- ICMP redirect
Correct answer: A
Explanation:
Reference:https://www.techopedia.com/definition/10255/covert-channel Reference:https://www.techopedia.com/definition/10255/covert-channel
Question 3
Which of the following techniques allows probing firewall rule sets and finding entry points into a targeted system or network?
- Distributed checksum clearinghouse
- Firewall fingerprinting
- Network enumeration
- Packet crafting
Correct answer: D
Explanation:
Reference:https://en.wikipedia.org/wiki/Packet_crafting Reference:https://en.wikipedia.org/wiki/Packet_crafting
Question 4
A security professional has been tasked with the protection of a specific set of information essential to a corporation’s livelihood, the exposure of which could cost the company billions of dollars in long-term revenue. The professional is interested in obtaining advice for preventing the theft of this type of information.
Which of the following is the BEST resource for finding this material?
- Law enforcement information sharing groups
- National Threat Assessment Center
- Vendor web pages that provide intelligence feeds and advisories
- Blogs concerning the theft of PII
Correct answer: A
Explanation:
Reference:https://www.ise.gov/law-enforcement-information-sharing Reference:https://www.ise.gov/law-enforcement-information-sharing
Question 5
When determining the threats/vulnerabilities to migrate, it is important to identify which are applicable. Which of the following is the FIRST step to determine applicability?
- Review online vulnerability database
- Limit and control network ports, protocols, and services.
- Continuously assess and remediate vulnerabilities.
- Conduct an assessment of the system infrastructure.
Correct answer: D
Explanation:
Reference:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf Reference:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Question 6
Which of the following describes pivoting?
- Copying captured data to a hacker’s system
- Performing IP packet inspection
- Generating excessive network traffic
- Accessing another system from a compromised system
Correct answer: D
Explanation:
Reference:https://www.offensive-security.com/metasploit-unleashed/pivoting/ Reference:https://www.offensive-security.com/metasploit-unleashed/pivoting/
Question 7
A malicious attacker has compromised a database by implementing a Python-based script that will automatically establish an SSH connection daily between the hours of 2:00 am and 5:00 am. Which of the following is the MOST common motive for the attack vector that was used?
- Pivoting
- Persistence/maintaining access
- Exfiltration
- Lateral movement
Correct answer: D
Explanation:
Reference: Reference:http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf Reference: Reference:http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf
Question 8
Which of the following tools can be used to identify open ports and services?
- netstat
- tcpdump
- nmap
- recon-ng
Correct answer: A
Explanation:
Reference:https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps Reference:https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps
Question 9
A high-level government official uses anonymous bank accounts to transfer a requested amount of funds to individuals in another country. These individuals are
known for defacing government websites and exfiltrating sensitive data. Which of the following BEST describes the involved threat actors?
- State-sponsored hackers
- Gray hat hackers
- Hacktivists
- Cyber terrorists
Correct answer: D
Explanation:
Reference:http://www.fintrac.gc.ca/publications/guide/guide2/2-eng.asp Reference:http://www.fintrac.gc.ca/publications/guide/guide2/2-eng.asp
Question 10
Which of the following are reasons that a hacker would execute a DoS or a DDoS attack? (Choose two.)
- To determine network bandwidth
- To distract the incident response team
- To distract the remediation team
- To promote business operations
- To compromise a system and reuse the IP address
Correct answer: AB
Explanation:
Reference:https://en.wikipedia.org/wiki/Denial-of-service_attack Reference:https://en.wikipedia.org/wiki/Denial-of-service_attack
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!