CFR-410 Practice Questions

After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?

A government organization responsible for critical infrastructure is being attacked and files on the server been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)

An incident at a government agency has occurred and the following actions were taken:

-Users have regained access to email accounts

-Temporary VPN services have been removed

-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated

-Temporary email servers have been decommissioned

Which of the following phases of the incident response process match the actions taken?

Which term best describes an asset's susceptibility to damage or loss due to a threat?

Which of the following should normally be blocked through a firewall?

Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)

Detailed step-by-step instructions to follow during a security incident are considered:

What kind of measures and controls are implemented when employees get assigned personal, unique badges when they join the organization, and they remain valid until the employee's last day of work?

An organization wants to deploy a network security tool to alert them but not block malicious activity and network traffic. Which of the following tools would BEST meet the organization's needs?

A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?