Download Logical Operations.CFR-210.PracticeTest.2018-08-17.53q.tqb

Download Exam

File Info

Exam CyberSec First Responder
Number CFR-210
File Name Logical Operations.CFR-210.PracticeTest.2018-08-17.53q.tqb
Size 2 MB
Posted Aug 17, 2018
Download Logical Operations.CFR-210.PracticeTest.2018-08-17.53q.tqb

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%



Exam Hub discount


Demo Questions

Question 1

A malicious actor sends a crafted email to the office manager using personal information collected from social media. This type of social engineering attack is known as:


  1. spear phishing
  2. vishing
  3. phishing
  4. whaling
Correct answer: C
Explanation:
Reference:https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams
Reference:https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams



Question 2

A computer attacker has compromised a system by implanting a script that will send 10B packages over port 150. This port is also used for sending heartbeat messages to a central monitoring server. Which of the following BEST describes the tactic used to execute this attack?


  1. Covert channels
  2. Logic bomb
  3. Backdoors
  4. ICMP redirect
Correct answer: A
Explanation:
Reference:https://www.techopedia.com/definition/10255/covert-channel
Reference:https://www.techopedia.com/definition/10255/covert-channel



Question 3

Which of the following techniques allows probing firewall rule sets and finding entry points into a targeted system or network?


  1. Distributed checksum clearinghouse
  2. Firewall fingerprinting
  3. Network enumeration
  4. Packet crafting
Correct answer: D
Explanation:
Reference:https://en.wikipedia.org/wiki/Packet_crafting
Reference:https://en.wikipedia.org/wiki/Packet_crafting



Question 4

A security professional has been tasked with the protection of a specific set of information essential to a corporation’s livelihood, the exposure of which could cost the company billions of dollars in long-term revenue. The professional is interested in obtaining advice for preventing the theft of this type of information. 
Which of the following is the BEST resource for finding this material?


  1. Law enforcement information sharing groups
  2. National Threat Assessment Center
  3. Vendor web pages that provide intelligence feeds and advisories
  4. Blogs concerning the theft of PII
Correct answer: A
Explanation:
Reference:https://www.ise.gov/law-enforcement-information-sharing
Reference:https://www.ise.gov/law-enforcement-information-sharing



Question 5

When determining the threats/vulnerabilities to migrate, it is important to identify which are applicable. Which of the following is the FIRST step to determine applicability?


  1. Review online vulnerability database
  2. Limit and control network ports, protocols, and services.
  3. Continuously assess and remediate vulnerabilities.
  4. Conduct an assessment of the system infrastructure.
Correct answer: D
Explanation:
Reference:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Reference:http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf



Question 6

Which of the following describes pivoting?


  1. Copying captured data to a hacker’s system
  2. Performing IP packet inspection
  3. Generating excessive network traffic
  4. Accessing another system from a compromised system
Correct answer: D
Explanation:
Reference:https://www.offensive-security.com/metasploit-unleashed/pivoting/
Reference:https://www.offensive-security.com/metasploit-unleashed/pivoting/



Question 7

A malicious attacker has compromised a database by implementing a Python-based script that will automatically establish an SSH connection daily between the hours of 2:00 am and 5:00 am. Which of the following is the MOST common motive for the attack vector that was used?


  1. Pivoting
  2. Persistence/maintaining access
  3. Exfiltration
  4. Lateral movement
Correct answer: D
Explanation:
Reference: Reference:http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf
Reference: Reference:http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf



Question 8

Which of the following tools can be used to identify open ports and services?


  1. netstat
  2. tcpdump
  3. nmap
  4. recon-ng
Correct answer: A
Explanation:
Reference:https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps
Reference:https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps



Question 9

A high-level government official uses anonymous bank accounts to transfer a requested amount of funds to individuals in another country. These individuals are known for defacing government websites and exfiltrating sensitive data. Which of the following BEST describes the involved threat actors?


  1. State-sponsored hackers
  2. Gray hat hackers
  3. Hacktivists
  4. Cyber terrorists
Correct answer: D
Explanation:
Reference:http://www.fintrac.gc.ca/publications/guide/guide2/2-eng.asp
Reference:http://www.fintrac.gc.ca/publications/guide/guide2/2-eng.asp



Question 10

Which of the following are reasons that a hacker would execute a DoS or a DDoS attack? (Choose two.)


  1. To determine network bandwidth
  2. To distract the incident response team
  3. To distract the remediation team
  4. To promote business operations
  5. To compromise a system and reuse the IP address
Correct answer: AB
Explanation:
Reference:https://en.wikipedia.org/wiki/Denial-of-service_attack
Reference:https://en.wikipedia.org/wiki/Denial-of-service_attack









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files