CFR-410 by CertNexus Valid Free Exam Practice Test

Question 1

Which of the following should normally be blocked through a firewall?

A. NTP B. POP3 C. SMTP D. SNMP

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 2

The NIST framework 800-137 breaks down the concept of continuous monitoring into which system of tiers?

A. Tier 1 is the organization, Tier 2 is mission/business processes, and Tier 3 is information systems. B. Tier 1 is the organization, Tier 2 is information systems, and Tier 3 is mission/business processes. C. Tier 1 is information systems, Tier 2 is the organization, and Tier 3 is mission/business processes. D. Tier 1 is information systems, Tier 2 is mission/business processes, and Tier 3 is the organization.

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 3

Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?

A. Establishing scope B. Conducting an audit C. Generating reports D. Assessing exposures

Correct Answer: B

Question 4

An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?

A. Filter Wireshark to only show ARP traffic. B. Configure the network adapter to promiscuous mode. C. Enable port mirroring on the switch. D. Clear the ARP cache on their system.

Correct Answer: B

Question 5

After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?

A. Port scanning B. FINS scanning C. Stealth scanning D. Xmas scanning

Correct Answer: B

Question 6

A company website was hacked via the following SQL query:
email, passwd, login_id, full_name FROM members
WHERE email = "[email protected]"; DROP TABLE members; -"
Which of the following did the hackers perform?

A. Deleted the email password and login details B. Performed a cross-site scripting (XSS) attack C. Deleted the entire members table D. Cleared tracks of [email protected] entries

Correct Answer: A

Question 7

Which of the following would MOST likely make a Windows workstation on a corporate network vulnerable to remote exploitation?

A. Enabling Remote Registry B. Disabling Windows Firewall C. Disabling Windows Updates D. Enabling Remote Desktop

Correct Answer: D

Question 8

When performing an investigation, a security analyst needs to extract information from text files in a Windows operating system. Which of the following commands should the security analyst use?

A. sigverif B. awk C. grep D. findstr

Correct Answer: B

Question 9

An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?

A. Database B. Network Time Protocol (NTP) C. Internet Message Access Protocol (IMAP) D. Network Basic Input/Output System (NetBIOS)

Correct Answer: A

Question 10

A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?

A. grep 20151124 security_log | grep "login" B. grep 20150124 security_log | grep "login_failure" C. grep 20151124 security_log | grep -c "login" D. grep 20151124 security_log | grep -c "login failure"

Correct Answer: A

Question 11

Which of the following can increase an attack surface?

A. Mapping of an attack surface B. Penetration scanning C. Vulnerability scanning D. Old or unused code

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 12

Which approach to cybersecurity involves a series of defensive mechanisms that are layered to protect valuable data and information?

A. Defense in depth B. Network segmentation C. Tiered security D. Endpoint detection and response

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 13

In which of the following attack phases would an attacker use Shodan?

A. Reconnaissance B. Gaining access C. Persistence D. Scanning

Correct Answer: D

Question 14

Which of the following is the BEST way to prevent social engineering attacks?

A. Implementing strong physical security. B. Implementing two-factor access control.
D Implementing strict policies and procedures C. Training users on a regular basis.

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

CertNexus CyberSec First Responder - CFR-410 Exam Practice Test