
CFR-210 Exam Dumps - Logical Operations CyberSec First Responder

Question # 4

Drag and drop the following steps in the correct order from first (1) to last (7) that a forensic expert would follow based on data analysis in a Windows system.

Question # 5

A system administrator is informed that a user received an email containing a suspicious attachment. Which of the following methods is the FASTEST way to determine whether the file is suspicious or not?

A. Reverse engineering

B. Virus scanning

C. Virtualization

D. Sandboxing

Question # 6

An attacker has sent malicious macro-enabled Office files. Which of the following regular expressions will return a list of macro-enabled files?

A. ^.*?\.(?:xls|ppt|doc)m

B. ^.*(?:xls|ppt|doc)m.*

C. ^.*?\.(?:xls|ppt|doc)m$

D. ^.*(?:xls|ppt|doc)m

Question # 7

During an annual penetration test, several rootkit-enabled systems are found to be exfiltrating data. The penetration test team and the internal incident response team work to begin cleanup. The company’s operations team offers a new email server to use for communications during the incident. As cleanup continues, the attackers seem to know exactly what the incident response plan is. Which of the following will prevent the attackers from compromising cleanup activities?

A. Check the DNS server for rootkits placed by the attackers.

B. Disconnect the Internet router until all systems can be checked and cleaned.

C. Use out-of-band communication until the end of the incident.

D. Disconnect the old email servers until they can be checked and cleaned.

Question # 8

Which of the following describes pivoting?

A. Copying captured data to a hacker’s system

B. Performing IP packet inspection

C. Generating excessive network traffic

D. Accessing another system from a compromised system
