CFR-410

During a log review, an incident responder is attempting to process the proxy server’s log files but finds that they are too large to be opened by any file viewer. Which of the following is the MOST appropriate technique to open and analyze these log files?A . Hex editor, searching...

Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?A . Transaction logs B. Intellectual property C. PII/PHI D. Network architectureView AnswerAnswer: C

A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?A . nbtstat B. WinDump C. fport D. netstatView AnswerAnswer: D

Which of the following is a cybersecurity solution for insider threats to strengthen information protection?A . Web proxy B. Data loss prevention (DLP) C. Anti-malware D. Intrusion detection system (IDS)View AnswerAnswer: B Explanation: Reference: https://www.techrepublic.com/article/how-to-protect-your-organization-against-insider-threats/

It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)A . Power resources B. Network resources C. Disk resources D. Computing resources E. Financial resourcesView AnswerAnswer: A,B Explanation: Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101-the- impact-of-cryptocurrency-mining-malware

Organizations considered “covered entities” are required to adhere to which compliance requirement?A . Health Insurance Portability and Accountability Act of 1996 (HIPAA) B. Payment Card Industry Data Security Standard (PCI DSS) C. Sarbanes-Oxley Act (SOX) D. International Organization for Standardization (ISO) 27001View AnswerAnswer: A Explanation: Reference: https://www.hhs.gov/hipaa/for-professionals/faq/190/who-must-comply-with-hipaa-privacy- standards/index.html

Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?A . Blue team exercise B. Business continuity exercise C. Tabletop exercise D. Red team exerciseView AnswerAnswer: B Explanation: Reference: https://www.gsma.com/mobilefordevelopment/wp-content/uploads/2017/11/Exercising-BC-Plans- for-Natural-Disasters-A-Quick-Guide-for-MNOs.pdf

The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)A . Wireless router B. Switch C. Firewall D. Access point E. HubView AnswerAnswer: A,E Explanation: Reference: https://www.kaspersky.com/blog/krackattack/19798/

A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe. The unknown process is MOST likely:A . Malware B. A port scanner C. A system process D. An application processView AnswerAnswer: A

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)A . iptables -A INPUT -p tcp Cdport 25 -d x.x.x.x -j ACCEPT...