Free Preparation Discussions
MENU
Logical Operations CFR-210 Exam
- Topic 1: Explain the importance of concepts that are unique to forensic analysis/ Explain the purpose and use of attack tools and techniques
- Topic 2: Given a scenario, use regular expressions to parse log files and locate meaningful data/ Explain general mitigation methods and devices
- Topic 3: Perform ongoing threat landscape research and use data to prepare for incidents/ Given a scenario, execute incident response process
- Topic 4: Explain the importance of best practices in preparation for incident response/ Compare and contrast various threats and classify threat profiles
- Topic 5: Summarize methods and tools used for malware analysis/ Explain the purpose and use of post exploitation tools and tactics
- Topic 6: Given a scenario, analyze common indicators of potential compromise/ Explain the purpose and characteristics of various data sources
- Topic 7: Explain the purpose and use of social engineering tactics/ Given a scenario, use Linux-based tools to analyze incidents
- Topic 8: Given a scenario, use Windows tools to analyze incidents/ Given a scenario, use appropriate tools to analyze logs
Free Logical Operations CFR-210 Exam Actual Questions
The questions for CFR-210 were last updated On May. 15, 2023
Which of the following logs should be checked to determine if an internal user connected to a potentially malicious website? (Choose two.)
An analyst would like to search for a specific text string at the beginning of a line that begins with four capital alphabetic characters. Which of the following search operators should be used?
Which of the following logs should be checked to determine if an internal user connected to a potentially malicious website? (Choose two.)
Which of the following types of logs is shown below, and what can be discerned from its contents?
2015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:31 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:32 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:33 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 123.56.71.145 192.141.173.72 1234 80
2015-07-19 12:33:34 reject UDP 146.64.21.212 192.141.173.72 1234 80
2015-07-19 12:33:35 reject UDP 166.32.22.12 192.141.173.72 1234 80
2015-07-19 12:33:35 reject UDP 123.56.71.145 192.141.173.72 1234 80
A DMZ web server has been compromised. During the log review, the incident responder wants to parse all common internal Class A addresses from the log. Which of the following commands should the responder use to accomplish this?
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Submit Cancel