CFR-410 Practice Questions
CyberSec First Responder (CFR) Exam
Last Update 59 minutes ago
Total Questions: 180
Dive into our fully updated and stable CFR-410 practice test platform, featuring all the latest CyberSec First Responder (CFR) exam questions added this week. Our preparation tool is more than just a CertNexus study aid; it's a strategic advantage.
Our free CyberSec First Responder (CFR) practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about CFR-410. Use this test to pinpoint which areas you need to focus your study on.
Senior management has stated that antivirus software must be installed on all employee workstations. Which of the following does this statement BEST describe?
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
Which three disk image formats are used for evidence collection and preservation? (Choose three.)
Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
Which term describes the process of collecting logs from many sources across an IT infrastructure into a single, centralized platform to be reviewed and analyzed?
An incident response team is concerned with verifying the integrity of security information and event management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?
During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
