CFR-310PDF試験材料2022年最新の実際に出るCFR-310問題集 [Q17-Q32]

Share

CFR-310PDF試験材料2022年最新の実際に出るCFR-310問題集

更新されたのはCertNexus CFR-310問題集PDFオンラインエンジン


CertNexus CFR-310 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • フォレンジック分析に固有の概念の重要性を説明する
  • シナリオを前提として、適切なツールを使用してログを分析する
トピック 2
  • シナリオが与えられたら、Windowsツールを使用してインシデントを分析します
  • 一般的な軽減方法とデバイスを説明します
トピック 3
  • シナリオを前提として、Linuxベースのツールを使用してインシデントを分析します
  • マルウェア分析に使用される方法とツールを要約します
トピック 4
  • シナリオを前提として、潜在的な侵害の一般的な指標を分析します
  • 攻撃ツールと手法の目的と使用法を説明します

 

質問 17
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?

  • A. Domain Name System (DNS) records may have changed since the log was created.
  • B. The computer name may not be admissible evidence in court.
  • C. There may be field name duplication when combining log files.
  • D. There may be duplicate computer names on the network.

正解: C

 

質問 18
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?

  • A. Conducting security awareness training
  • B. Hardening the Microsoft Exchange Server
  • C. Auditing account password complexity
  • D. Scanning email server for vulnerabilities

正解: D

解説:
Explanation

 

質問 19
It was recently discovered that many of an organization's servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)

  • A. Network resources
  • B. Disk resources
  • C. Computing resources
  • D. Financial resources
  • E. Power resources

正解: A,E

解説:
Explanation/Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101- the-impact-of-cryptocurrency-mining-malware

 

質問 20
When performing an investigation, a security analyst needs to extract information from text files in a Windows operating system. Which of the following commands should the security analyst use?

  • A. awk
  • B. sigverif
  • C. findstr
  • D. grep

正解: A

解説:
Explanation/Reference: https://books.google.com.pk/books?id=8qTxCAAAQBAJ&pg=PA6&lpg=PA6&dq=awk+extract
+information+from+text+files+in+a+Windows+operating
+system&source=bl&ots=mm7bH69viV&sig=ACfU3U2sg2lNmZXZW0FKQWctyfH89yAz3Q&hl=en&sa=X&ved
=2ahUKEwiFioWCgbbpAhVFQBoKHavGAcUQ6AEwAHoECBQQAQ#v=onepage&q=awk%20extract%
20information%20from%20text%20files%20in%20a%20Windows%20operating%20system&f=false

 

質問 21
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?

  • A. Cybercriminals
  • B. State-sponsored hackers
  • C. Hacktivists
  • D. Cyberterrorist

正解: B

 

質問 22
During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?

  • A. Persistence
  • B. Scanning
  • C. Gaining access
  • D. Reconnaissance

正解: B

 

質問 23
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?

  • A. Cybercriminals
  • B. State-sponsored hackers
  • C. Hacktivists
  • D. Cyberterrorist

正解: B

解説:
Explanation

 

質問 24
Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

  • A. Lock box
  • B. Secure rooms
  • C. Caution tape
  • D. Security envelope
  • E. Faraday boxes
  • F. Evidence bags

正解: C,D,F

 

質問 25
During an incident, the following actions have been taken:
- Executing the malware in a sandbox environment
- Reverse engineering the malware
- Conducting a behavior analysis
Based on the steps presented, which of the following incident handling processes has been taken?

  • A. Eradication
  • B. Containment
  • C. Identification
  • D. Recovery

正解: B

解説:
The "Containment, eradication and recovery" phase is the period in which incident response team tries to contain the incident and, if necessary, recover from it (restore any affected resources, data and/or processes).
Reference: https://blog.rapid7.com/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-
61/

 

質問 26
Which of the following does the command nmap -open 10.10.10.3 do?

  • A. Execute a scan on a single host, returning open services.
  • B. Execute a scan on a subnet, returning all hosts with open ports.
  • C. Execute a scan on a single host, returning only open ports.
  • D. Execute a scan on a subnet, returning detailed information on open ports.

正解: A

 

質問 27
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?

  • A. WinDump
  • B. fport
  • C. nbtstat
  • D. netstat

正解: D

 

質問 28
An unauthorized network scan may be detected by parsing network sniffer data for:

  • A. IP traffic from multiple IP addresses to other networks.
  • B. IP traffic from a single IP address to a single IP address.
  • C. IP traffic from a single IP address to multiple IP addresses.
  • D. IP traffic from multiple IP addresses to a single IP address.

正解: D

 

質問 29
Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)

  • A. dd
  • B. Forensic Toolkit (FTK)
  • C. Disk duplicator
  • D. EnCase
  • E. Write blocker

正解: B,D

 

質問 30
A suspicious script was found on a sensitive research system. Subsequent analysis determined that proprietary data would have been deleted from both the local server and backup media immediately following a specific administrator's removal from an employee list that is refreshed each evening. Which of the following BEST describes this scenario?

  • A. Login bomb
  • B. Backdoor
  • C. Rootkit
  • D. Time bomb

正解: B

 

質問 31
A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise?
(Choose two.)

  • A. NetFlow logs
  • B. Domain controller logs
  • C. Proxy logs
  • D. Web server logs
  • E. FTP logs

正解: B,D

 

質問 32
......

CertNexus CFR-310問題集PDFのベストを目指すなら問題集を使おう 目指そう高得点:https://jp.fast2test.com/CFR-310-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어