CFR-210 Logical Operations CyberSec First Responder Questions and Answers

Which of the following describes the MOST important reason for capturing post-attack metadata?

Log review shows that large amounts of data are being sent to an IP address unassociated with the company. Which of the following migration techniques should be implemented?

While a network administrator is monitoring the company network, an unknown local IP address is starting to release high volumes of anonymous traffic to an unknown external IP address. Which of the following would indicate to the network administrator potential compromise?

Which of the following describes pivoting?

An attacker has sent malicious macro-enabled Office files. Which of the following regular expressions will return a list of macro-enabled files?

An alert has been triggered identifying a new application running on a Windows server. Which of the following tools can be used to identify the application? (Choose two.)

During review of a company’s web server logs, the following items are discovered:

2015-03-01 03:32:11 www.example.com/index.asp?id=-999 or 1=convert(int,@@version)—

2015-03-01 03:35:33 www.example.com/index.asp?id=-999 or 1=convert(int,db_name())—

2015-03-01 03:38:25 www.example.com/index.asp?id=-999 or 1=convert(int,user_name())—

Which of the following is depicted in the log example above?

From a compromised system, an attacker bypasses a proxy server and sends a large amount of data to a remote location. A security analyst is tasked with finding the conduit that was used by the attacker to bypass the proxy. Which of the following Windows tools should be used to find the conduit?

A malicious actor sends a crafted email to the office manager using personal information collected from social media. This type of social engineering attack is known as:

During an investigation on Windows 10 system, a system administrator needs to analyze Windows event logs related to CD/DVD-burning activities. In which of the following paths will the system administrator find these logs?

During a malware outbreak, a security analyst has been asked to capture network traffic in hourly increments for analysis by the incident response team. Which of the following tcpdump commands would generate hourly pcap files?

Which of the following protocols can be used for data extension?