CFR-410 Exam Dumps - CyberSec First Responder (CFR) Exam

Go to page:

<< First
Prev
1
2
3
4
5
6
7
Next
Last >>

Question # 4

A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?

# tcpdump -i eth0 host 88.143.12.123

# tcpdump -i eth0 dst 88.143.12.123

# tcpdump -i eth0 host 192.168.10.121

# tcpdump -i eth0 src 88.143.12.123

Full Access

Question # 5

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

iptables -A INPUT -p tcp â€“dport 25 -d x.x.x.x -j ACCEPT

iptables -A INPUT -p tcp â€“sport 25 -d x.x.x.x -j ACCEPT

iptables -A INPUT -p tcp â€“dport 25 -j DROP

iptables -A INPUT -p tcp â€“destination-port 21 -j DROP

iptables -A FORWARD -p tcp â€“dport 6881:6889 -j DROP

Full Access

Question # 6

To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)

Changing the default password

Updating the device firmware

Setting up new users

Disabling IPv6

Enabling the firewall

Full Access

Question # 7

What is the correct order of the DFIR phases?

Full Access

Question # 8

Which term describes the process of collecting logs from many sources across an IT infrastructure into a single, centralized platform to be reviewed and analyzed?

Log processing

Log aggregation

Log monitoring

Log normalization

Log correlation

Full Access