CFR-410 CyberSec First Responder (CFR)

Question 4

A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)

  • NetFlow logs

  • Web server logs

  • Domain controller logs

  • Proxy logs

  • FTP logs

Question 5

A government organization responsible for critical infrastructure is being attacked and files on the server have been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)

  • Notifying law enforcement

  • Notifying the media

  • Notifying a national computer emergency response team (CERT) or cybersecurity incident response team (CSIRT)

  • Notifying the relevant vendor

  • Notifying a mitigation expert

Question 6

An incident at a government agency has occurred and the following actions were taken:

- Users have regained access to email accounts

- Temporary VPN services have been removed

- Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated

- Temporary email servers have been decommissioned

Which of the following phases of the incident response process match the actions taken?

  • Containment

  • Post-incident

  • Recovery

  • Identification