New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

CFR-210 Questions and Answers

Question # 6

Click the exhibit button. Which of the following Windows tools is executed?

A.

nmap

B.

netstat

C.

tracert

D.

traceroute

Full Access
Question # 7

A forensics analyst is analyzing an executable and thinks it may have some text of interest hidden within it. Which of the following tools can the analyst use to assist in validating the suspicion?

A.

Isof

B.

cat command

C.

hex editor

D.

more

Full Access
Question # 8

Why is it important to update system clocks from a single time source?

A.

For backup data timestamps

B.

To ensure device data integrity

C.

For log data correlation

D.

To assist in network data packet capture

Full Access
Question # 9

An attacker has exfiltrated the SAM file from a Windows workstation. Which of the following attacks is MOST likely being perpetrated?

A.

user enumeration

B.

Brute forcing

C.

Password sniffing

D.

Hijacking/rooting

Full Access
Question # 10

A logfile generated from a Windows server was moved to a Linux system for further analysis. A system administrator is now making edits to the file with vi and notices the file contains numerous instances of Ctrl-M (^M) characters. Which of the following command line tools is the administrator MOST likely to use to remove these characters from the logfile? (Choose two.)

A.

tr

B.

cut

C.

cat

D.

unix2dos

E.

awk

Full Access
Question # 11

During a malware outbreak, a security analyst has been asked to capture network traffic in hourly increments for analysis by the incident response team. Which of the following tcpdump commands would generate hourly pcap files?

A.

tcpdump –nn –i eth0 –w output.pcap –C 100 –W 10

B.

tcpdump –nn –i eth0 –w output.pcap –W 24

C.

tcpdump –nn –i eth0 –w output.pcap –G 3600 –W 14

D.

tcpdump –nn –i eth0 –w output.pcap

Full Access
Question # 12

An incident responder notices many entries in an apache access log file that contain semicolons. Which of the following attacks is MOST likely being attempted?

A.

SQL injection

B.

Remote file inclusion

C.

Account brute force

D.

Cross-site scripting

Full Access
Question # 13

Which of the following are reasons that a hacker would execute a DoS or a DDoS attack? (Choose two.)

A.

To determine network bandwidth

B.

To distract the incident response team

C.

To distract the remediation team

D.

To promote business operations

E.

To compromise a system and reuse the IP address

Full Access
Question # 14

A user reports a pop-up error when starting a Windows machine. The error states that the machine has been infected with a virus and instructs the user to download a new antivirus client. In which of the following locations should the incidentresponder check to find what is generating the error message? (Choose two.)

A.

Auto-start registry keys

B.

Device Manager

C.

Event Viewer

D.

Programs and Features

E.

Browser history

Full Access
Question # 15

A DMZ web server has been compromised. During the log review, the incident responder wants to parse all common internal Class A addresses from the log. Which of the following commands should the responder use to accomplish this?

A.

grep –x”(10.[0-9]+.[0-9]+.[0-9]+)” etc/rc.d/apache2/access.log | output.txt

B.

grep –x”(192.168.[0.9]+[0-9])” bin/apache2/access.log | output.txt

C.

grep –v”(10.[0-9]+.[0-9]+.[0-9]+)” /var/log/apache2/access.log > output.txt

D.

grep –v”(192.168.[0.9]+[0-9]+)” /var/log/apache2/access.log > output.txt

Full Access