CertNexus CyberSec First Responder - CFR-410 Exam Practice Test

A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)
Correct Answer: A,E
Which of the following attacks involves sending a large amount of spoofed User Datagram Protocol (UDP) traffic to a router's broadcast address within a network?
Correct Answer: A
What is the definition of a security breach?
Correct Answer: A
Which of the following is an essential component of a disaster recovery plan?
Correct Answer: C
Which three tools are used for integrity verification of files? (Choose three.)
Correct Answer: A,B,D
Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
Correct Answer: C,E
Which three of the following are included in encryption architecture? (Choose three.)
Correct Answer: C,D,E
Where are log entries written for auditd in Linux?
Correct Answer: A
Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?
Correct Answer: B
According to company policy, all accounts with administrator privileges should have suffix _ja. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator's group. Which of the following actions should the security administrator take?
Correct Answer: B
Which of the following does the command nmap --open 10.10.10.3 do?
Correct Answer: C
Which two answer options are the BEST reasons to conduct post-incident reviews after an incident occurs in an organization? (Choose two.)
Correct Answer: C,D
During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?
Correct Answer: A
Organizations considered "covered entities" are required to adhere to which compliance requirement?
Correct Answer: C