Ace the Logical Operations CFR-210 Exam: Ultimate Preparation Guide

Questions 11

An attacker has exfiltrated the SAM file from a Windows workstation. Which of the following attacks is MOST likely being perpetrated?

Options:
A. User enumeration

B. Brute forcing

C. Password sniffing

D. Hijacking/rooting

Questions 12

An incident responder has captured packets associated with malware. The source port is 8765 and the destination port is 7653. Which of the following commands should be used on the source computer to help determine which program is responsible for the connection?

Options:
A. services.msc

B. psexec

C. msconfig

D. fport

Questions 13

When determining the threats/vulnerabilities to migrate, it is important to identify which are applicable. Which of the following is the FIRST step to determine applicability?

Options:
A. Review online vulnerability database

B. Limit and control network ports, protocols, and services.

C. Continuously assess and remediate vulnerabilities.

D. Conduct an assessment of the system infrastructure.

Questions 14

An alert on user account activity outside of normal business hours returns Windows event IDs 540 and 4624. In which of the following locations will these events be found?

Options:
A. Application event log

B. System event log

C. Setup event log

D. Security event log

Questions 15

A file is discovered in the /etc directory of an internal server by an automated file integrity checker. A security analyst determines the file is a bash script. The contents are as follows:

---

#!/bin/bash
IFS=:
[[ -f /etc/passwd ]] && cat /etc/passwd |
while read a b c d e f g
do
    echo "$e ($a)"
done

---

Which of the following was the author of the script attempting to gather?

Options:
A. Home directory and shell

B. Username and password hash

C. User’s name and username

D. UID and GID

Questions 16

Which of the following types of logs is shown below, and what can be discerned from its contents?

2015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:35 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:35 reject UDP 123.56.71.145 192.141.173.72 1234 80

Options:
A. Firewall log showing a possible web server attack

B. Proxy log showing a possible DoS attack

C. Firewall log showing a possible DoS attack

D. Proxy log showing a possible web server attack

Questions 17

An attacker has decided to attempt a brute force attack on a UNIX server. In order to accomplish this, which of the following steps must be performed?

Options:
A. Exfiltrate the shadow and SAM, run unshadow, and then run a password cracking utility on the output file.

B. Exfiltrate the shadow and passwd, and then run a password cracking utility on both files.

C. Exfiltrate the shadow and SAM, and then run a password cracking utility on both files.

D. Exfiltrate the shadow and passwd, run unshadow, and then run a password cracking utility on the output file.

Questions 18

The Chief Information Officer (CIO) of a company asks the incident responder to update the risk management plan. Which of the following methods can BEST help the incident responder identify the risks that require in-depth analysis?

Options:
A. Qualitative analysis

B. Targeted risk analysis

C. Non-targeted risk analysis

D. Quantitative analysis

Questions 19

Which of the following describes pivoting?

Options:
A. Copying captured data to a hacker’s system

B. Performing IP packet inspection

C. Generating excessive network traffic

D. Accessing another system from a compromised system

Questions 20

An incident responder needs to quickly locate specific data in a large data repository. Which of the following Linux tools should be used?

Options:
A. cat

B. find

C. grep

D. man

Exam Code: CFR-210
Certification Provider: Logical Operations
Exam Name: Logical Operations CyberSec First Responder
Last Update: Jan 15, 2025
Questions: 100