
更新された2023年01月テストエンジン練習CFR-410問題集と練習試験合格させます
問題集お試しセットCFR-410テストエンジンで問題集トレーニングには100問あります
CertNexus CFR-410 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
質問 14
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
- A. Scanning email server for vulnerabilities
- B. Hardening the Microsoft Exchange Server
- C. Auditing account password complexity
- D. Conducting security awareness training
正解: A
質問 15
Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)
- A. Evidence bags
- B. Security envelope
- C. Lock box
- D. Caution tape
- E. Secure rooms
- F. Faraday boxes
正解: A,B,D
質問 16
Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
- A. Intellectual property
- B. Network architecture
- C. PII/PHI
- D. Transaction logs
正解: C
質問 17
A company website was hacked via the following SQL query:
email, passwd, login_id, full_name FROM members
WHERE email = "[email protected]"; DROP TABLE members; -"
Which of the following did the hackers perform?
- A. Deleted the email password and login details
- B. Cleared tracks of [email protected] entries
- C. Performed a cross-site scripting (XSS) attack
- D. Deleted the entire members table
正解: A
質問 18
The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)
- A. Investigating responsible staff
- B. Training staff for future incidents
- C. Drafting a recovery plan for the incident
- D. Updating policies and procedures
- E. Providing a briefing to management
正解: C,D
質問 19
A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?
- A. grep 20151124 security_log | grep "login"
- B. grep 20151124 security_log | grep -c "login"
- C. grep 20151124 security_log | grep -c "login failure"
- D. grep 20150124 security_log | grep "login_failure"
正解: A
質問 20
Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?
- A. Passive scanning
- B. Application enumeration
- C. Network enumeration
- D. Active scanning
正解: C
質問 21
Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
- A. Users
- B. Network infrastructure
- C. Application
- D. Configuration files
正解: C
質問 22
An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?
- A. Wireshark
- B. Snort
- C. Hex editor
- D. tcpdump
正解: A
質問 23
An incident at a government agency has occurred and the following actions were taken:
- Users have regained access to email accounts
- Temporary VPN services have been removed
- Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
- Temporary email servers have been decommissioned
Which of the following phases of the incident response process match the actions taken?
- A. Containment
- B. Recovery
- C. Identification
- D. Post-incident
正解: A
質問 24
An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?
- A. Firewall
- B. File integrity monitoring
- C. Web proxy
- D. Data loss prevention (DLP)
正解: D
質問 25
A web server is under a denial of service (DoS) attack. The administrator reviews logs and creates an access control list (ACL) to stop the attack. Which of the following technologies could perform these steps automatically in the future?
- A. Blacklisting
- B. Whitelisting
- C. Intrusion prevention system (IPS)
- D. Intrusion detection system (IDS)
正解: D
質問 26
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
- Running antivirus scans on the affected user machines
- Checking department membership of affected users
- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
- Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?
- A. Containment
- B. Recovery
- C. Identification
- D. Preparation
正解: C
質問 27
A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?
- A. uniq -c
- B. wc -m
- C. grep -c
- D. tr -d
正解: B
質問 28
When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
- A. Browser logs
- B. Proxy logs
- C. HTTP logs
- D. System logs
正解: B
質問 29
To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)
- A. Disabling IPv6
- B. Setting up new users
- C. Changing the default password
- D. Updating the device firmware
- E. Enabling the firewall
正解: D,E
質問 30
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
- A. Business continuity exercise
- B. Blue team exercise
- C. Red team exercise
- D. Tabletop exercise
正解: A
質問 31
Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
- A. Generating reports
- B. Documenting exceptions
- C. Installing patches
- D. Conducting audits
- E. Updating configurations
正解: C,E
質問 32
A suspicious script was found on a sensitive research system. Subsequent analysis determined that proprietary data would have been deleted from both the local server and backup media immediately following a specific administrator's removal from an employee list that is refreshed each evening. Which of the following BEST describes this scenario?
- A. Rootkit
- B. Time bomb
- C. Login bomb
- D. Backdoor
正解: D
質問 33
Which of the following attacks involves sending a large amount of spoofed User Datagram Protocol (UDP) traffic to a router's broadcast address within a network?
- A. Fraggle attack
- B. Smurf attack
- C. Land attack
- D. Teardrop attack
正解: B
質問 34
An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
- A. Enable port mirroring on the switch.
- B. Configure the network adapter to promiscuous mode.
- C. Filter Wireshark to only show ARP traffic.
- D. Clear the ARP cache on their system.
正解: B
質問 35
......
CertNexus CFR-410問題集カバー率リアル試験問題:https://jp.fast2test.com/CFR-410-premium-file.html
リアルCFR-410問題集でCertNexus問題集PDF:https://drive.google.com/open?id=19DIgnLkO5SoAewExujN3of9WLssob2AW