[Q54-Q77] Updated Jan-2023 Exam Engine or PDF for the CertNexus CFR-410 test to help you quickly prepare for the CertNexus exam!

Rate this post

Updated Jan-2023 Test Engine or PDF for the CertNexus CFR-410 test to help you quickly prepare for the CertNexus exam!

Full CFR-410 Practice Test and 100 unique questions with explanations waiting just for you, get it now!

NO.54 Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?

IPS logs

DNS logs

SQL logs

SSL logs

NO.55 Detailed step-by-step instructions to follow during a security incident are considered:

Policies

Guidelines

Procedures

Standards

NO.56 Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?

Security and evaluating the electronic crime scene.

Transporting the evidence to the forensics lab

Packaging the electronic device

Conducting preliminary interviews

NO.57 A network administrator has determined that network performance has degraded due to excessive use of social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?

Whitelisting

Web content filtering

Network segmentation

Blacklisting

NO.58 A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?

Logs should be synchronized to their local time zone.

Logs should be synchronized to a common, predefined time source.

Logs should contain the username of the user performing the action.

Logs should include the physical location of the action performed.

NO.59 According to company policy, all accounts with administrator privileges should have suffix _j a. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator’s group. Which of the following actions should the security administrator take?

Review the system log on the affected workstation.

Review the security log on a domain controller.

Review the system log on a domain controller.

Review the security log on the affected workstation.

NO.60 Which of the following security best practices should a web developer reference when developing a new web- based application?

Control Objectives for Information and Related Technology (COBIT)

Risk Management Framework (RMF)

World Wide Web Consortium (W3C)

Open Web Application Security Project (OWASP)

NO.61 After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?

Stealth scanning

Xmas scanning

FINS scanning

Port scanning

NO.62 An automatic vulnerability scan has been performed. Which is the next step of the vulnerability assessment process?

Hardening the infrastructure

Documenting exceptions

Assessing identified exposures

Generating reports

NO.63 To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)

Changing the default password

Updating the device firmware

Setting up new users

Disabling IPv6

Enabling the firewall

NO.64 Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)

Installing patches

Updating configurations

Documenting exceptions

Conducting audits

Generating reports

NO.65 After a hacker obtained a shell on a Linux box, the hacker then sends the exfiltrated data via Domain Name System (DNS). This is an example of which type of data exfiltration?

Covert channels

File sharing services

Steganography

Rogue service

NO.66 Which of the following is susceptible to a cache poisoning attack?

Domain Name System (DNS)

Secure Shell (SSH)

Hypertext Transfer Protocol Secure (HTTPS)

Hypertext Transfer Protocol (HTTP)

NO.67 A cybersecurity expert assigned to be the IT manager of a middle-sized company discovers that there is little endpoint security implementation on the company’s systems. Which of the following could be included in an endpoint security solution? (Choose two.)

Web proxy

Network monitoring system

Data loss prevention (DLP)

Anti-malware

Network Address Translation (NAT)

NO.68 Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?

Active scanning

Passive scanning

Network enumeration

Application enumeration

NO.69 An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?

Data loss prevention (DLP)

Firewall

Web proxy

File integrity monitoring

NO.70 As part of an organization’s regular maintenance activities, a security engineer visits the Internet Storm Center advisory page to obtain the latest list of blacklisted host/network addresses. The security engineer does this to perform which of the following activities?

Update the latest proxy access list

Monitor the organization’s network for suspicious traffic

Monitor the organization’s sensitive databases

Update access control list (ACL) rules for network devices

NO.71 A company that maintains a public city infrastructure was breached and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would be PRIMARY focus of the incident response team?

Restore service and eliminate the business impact.

Determine effective policy changes.

Inform the company board about the incident.

Contact the city police for official investigation.

NO.72 Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?

Dictionary attack

Password guessing

Brute force attack

Rainbow tables

NO.73 An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?

Hex editor

tcpdump

Wireshark

Snort

NO.74 An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?

Clear the ARP cache on their system.

Enable port mirroring on the switch.

Filter Wireshark to only show ARP traffic.

Configure the network adapter to promiscuous mode.

NO.75 The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)

Providing a briefing to management

Updating policies and procedures

Training staff for future incidents

Investigating responsible staff

Drafting a recovery plan for the incident

NO.76 Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

Evidence bags

Lock box

Caution tape

Security envelope

Secure rooms

Faraday boxes

NO.77 Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)

Increases browsing speed

Filters unwanted content

Limits direct connection to Internet

Caches frequently-visited websites

Decreases wide area network (WAN) traffic

Full CFR-410 Practice Test and 100 unique questions with explanations waiting just for you, get it now: https://www.testkingfree.com/CertNexus/CFR-410-practice-exam-dumps.html