CFR-410 CyberSec First Responder Questions and Answers

Which of the following is a cybersecurity solution for insider threats to strengthen information protection?

If a hacker is attempting to alter or delete system audit logs, in which of the following attack phases is the hacker involved?

Tcpdump is a tool that can be used to detect which of the following indicators of compromise?

Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)

Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are

MOST important for log integrity? (Choose two.)

During an incident, the following actions have been taken:

-Executing the malware in a sandbox environment

-Reverse engineering the malware

-Conducting a behavior analysis

Based on the steps presented, which of the following incident handling processes has been taken?

Which of the following would MOST likely make a Windows workstation on a corporate network vulnerable to remote exploitation?

Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?

Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?

Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe.

The unknown process is MOST likely:

While performing routing maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?