
CFR-410 Free Update With 100% Exam Passing Guarantee [2023]
[Mar-2023] Verified CertNexus Exam Dumps with CFR-410 Exam Study Guide
NEW QUESTION 32
When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?
- A. DNS cache
- B. NAT table
- C. CAM table
- D. ARP cache
Answer: D
Explanation:
The host that owns the IP address sends an ARP reply message with its physical address. Each host machine maintains a table, called ARP cache, used to convert MAC addresses to IP addresses. Since ARP is a stateless protocol, every time a host gets an ARP reply from another host, even though it has not sent an ARP request for that reply, it accepts that ARP entry and updates its ARP cache. The process of updating a target host's ARP cache with a forged entry is referred to as poisoning.
NEW QUESTION 33
An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
- A. Make an incident response plan.
- B. Isolate devices from the network.
- C. Capture network traffic for analysis.
- D. Prepare incident response tools.
Answer: C
NEW QUESTION 34
After a security breach, a security consultant is hired to perform a vulnerability assessment for a company's web application. Which of the following tools would the consultant use?
- A. Kismet
- B. Hydra
- C. Nikto
- D. tcpdump
Answer: C
NEW QUESTION 35
Which of the following does the command nmap -open 10.10.10.3 do?
- A. Execute a scan on a subnet, returning all hosts with open ports.
- B. Execute a scan on a single host, returning open services.
- C. Execute a scan on a single host, returning only open ports.
- D. Execute a scan on a subnet, returning detailed information on open ports.
Answer: B
NEW QUESTION 36
An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?
- A. Internet Message Access Protocol (IMAP)
- B. Network Time Protocol (NTP)
- C. Network Basic Input/Output System (NetBIOS)
- D. Database
Answer: D
NEW QUESTION 37
A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
- A. iptables -A INPUT -p tcp -dport 25 -j DROP
- B. iptables -A INPUT -p tcp -destination-port 21 -j DROP
- C. iptables -A FORWARD -p tcp -dport 6881:6889 -j DROP
- D. iptables -A INPUT -p tcp -sport 25 -d x.x.x.x -j ACCEPT
- E. iptables -A INPUT -p tcp -dport 25 -d x.x.x.x -j ACCEPT
Answer: A,E
NEW QUESTION 38
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
- A. There may be field name duplication when combining log files.
- B. Domain Name System (DNS) records may have changed since the log was created.
- C. There may be duplicate computer names on the network.
- D. The computer name may not be admissible evidence in court.
Answer: A
NEW QUESTION 39
A system administrator identifies unusual network traffic from outside the local network. Which of the following is the BEST method for mitigating the threat?
- A. Content filtering
- B. Port blocking
- C. Malware scanning
- D. Packet capturing
Answer: D
NEW QUESTION 40
A suspicious script was found on a sensitive research system. Subsequent analysis determined that proprietary data would have been deleted from both the local server and backup media immediately following a specific administrator's removal from an employee list that is refreshed each evening. Which of the following BEST describes this scenario?
- A. Time bomb
- B. Backdoor
- C. Login bomb
- D. Rootkit
Answer: B
NEW QUESTION 41
While performing routing maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?
- A. Scanning
- B. Persistence
- C. Expanding access
- D. Covering tracks
Answer: C
NEW QUESTION 42
Which of the following technologies would reduce the risk of a successful SQL injection attack?
- A. Web content filtering
- B. Web application firewall
- C. Stateful firewall
- D. Reverse proxy
Answer: B
NEW QUESTION 43
In which of the following attack phases would an attacker use Shodan?
- A. Reconnaissance
- B. Persistence
- C. Scanning
- D. Gaining access
Answer: C
NEW QUESTION 44
When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
- A. Proxy logs
- B. HTTP logs
- C. System logs
- D. Browser logs
Answer: A
NEW QUESTION 45
According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
- A. 3 months
- B. 6 months
- C. 1 year
- D. 5 years
Answer: C
NEW QUESTION 46
A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of "armageddon.exe" along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
- A. top | grep armageddon
- B. wmic startup list full | find "armageddon.exe"
- C. wmic process list brief | find "armageddon.exe"
- D. ps -ef | grep armageddon
Answer: C
NEW QUESTION 47
Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
- A. Documenting exceptions
- B. Conducting audits
- C. Generating reports
- D. Updating configurations
- E. Installing patches
Answer: D,E
NEW QUESTION 48
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the
~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
"You seem tense. Take a deep breath and relax!"
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:
\Temp\chill.exe:Powershell.exe -Command "do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c "You seem tense. Take a deep breath and relax!");Start-Sleep -s 900) } while(1)" Which of the following BEST represents what the attacker was trying to accomplish?
- A. Taunt the user and then trigger a reboot every 15 minutes.
- B. Taunt the user and then trigger a reboot every 900 minutes.
- C. Taunt the user and then trigger a shutdown every 900 minutes.
- D. Taunt the user and then trigger a shutdown every 15 minutes.
Answer: A
NEW QUESTION 49
......
CertNexus CFR-410 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
Authentic Best resources for CFR-410 Online Practice Exam: https://www.fast2test.com/CFR-410-premium-file.html
CFR-410 Test Engine Practice Exam: https://drive.google.com/open?id=1i8A4XiaDm76CTlekfZHHzwBjJxxNI6b6