CFR-310 CertNexus Cybersecurity - CyberSec First Responder Exam
Exam Code: CFR-310
Launch Date: September 2018
Sunset Date: TBD (typically 3 years from launch date)
Target Candidate: Individuals with between 3 and 5 years of experience working in a computing environment as part of a CERT/CSIRT/SOC who protect critical information systems before, during, and after an incident.
Common Job Titles:
• System Administrator
• Network Administrator
• Help Desk Technician
• Information System Technician
• Incident Responder
• Incident Response Analyst
• Cyber Crime Investigator
• IT Auditor
• Information Security and IT Auditor
• Systems Analyst
• Network Analyst
• Incident Analyst
• Security Analyst
• Network Security Engineer
• Information Assurance Analyst
• Network Defense Technician
• Network Administrator
• Information Systems Security Engineer
Exam Description: The CyberSec First Responder™ exam will certify that the successful candidate has the knowledge, skills, and abilities required to deal with a changing threat landscape and will be able to assess risk and vulnerabilities, acquire data, perform analysis, continuously communicate, determine scope, recommend remediation actions, and accurately report results.
Number of Questions: 100 questions
Item Formats: Multiple Choice/Multiple Response
Exam Duration: 120 minutes (including 5 minutes for Candidate Agreement and 5 minutes for Pearson VUE tutorial)
Exam Options: In person at Pearson VUE test centers or online via Pearson OnVUE
Passing Score: 70%
Summary: This course covers network defense and incident response methods, tactics, and procedures that are in alignment with industry frameworks such as NIST 800-61r2 (Computer Security Incident Handling Guide), US-CERT's National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and remediate and report incidents as they occur. This course provides a comprehensive methodology for individuals responsible for defending the cybersecurity of their organization.
This course is designed to assist students in preparing for the CertNexus CyberSec First Responder (Exam CFR-310) certification examination. What you learn and practice in this course can be a significant part of your preparation.
In addition, this course and subsequent certification (CFR-310) meet all requirements for personnel requiring DoD directive 8570.01-M position certification baselines:
• CSSP Analyst
• CSSP Infrastructure Support
• CSSP Incident Responder
Prerequisites
To ensure your success in this course, you should meet the following requirements:
• At least two years (recommended) of experience or education in computer network security technology or a related field.
• The ability or curiosity to recognize information security vulnerabilities and threats in the context of risk management.
• Foundational knowledge of the concepts and operational framework of common assurance safeguards in network environments. Safeguards include, but are not limited to, firewalls, intrusion prevention systems, and VPNs.
• General knowledge of the concepts and operational framework of common assurance safeguards in computing environments. Safeguards include, but are not limited to, basic authentication and authorization, resource permissions, and anti-malware mechanisms.
• Foundation-level skills with some of the common operating systems for computing environments.
• Entry-level understanding of some of the common concepts for network environments, such as routing and switching.
• General or practical knowledge of major TCP/IP networking protocols, including, but not limited to, TCP, IP, UDP, DNS, HTTP, ARP, ICMP, and DHCP.
Audience
This course is designed primarily for cybersecurity practitioners preparing for or who currently perform job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It is ideal for those roles within federal contracting companies and private sector firms whose mission or strategic objectives require the execution of Defensive Cyber Operations (DCO) or DoD Information Network (DoDIN) operation and incident handling. This course focuses on the knowledge, ability, and skills necessary to provide for the defense of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes. In addition, the course ensures that all members of an IT team—regardless of size, rank, or budget—understand their role in the cyber defense, incident response, and incident handling process.
Topics: In this course, you will understand, assess, and respond to security threats and operate a system and network security analysis platform.
• Compare and contrast various threats and classify threat profiles.
• Explain the purpose and use of attack methods and techniques.
• Explain the purpose and use of post-exploitation tools and tactics.
• Given a scenario, perform ongoing threat landscape research and use data to prepare for incidents.
• Explain the purpose and characteristics of various data sources.
• Given a scenario, use real-time data analysis to detect anomalies.
• Given a scenario, analyze common indicators of potential compromise.
• Given a scenario, use appropriate tools to analyze logs.
• Given a scenario, use appropriate containment methods or tools.
• Given a scenario, use appropriate asset discovery methods or tools.
• Given a scenario, use Windows tools to analyze incidents.
• Given a scenario, use Linux-based tools to analyze incidents.
• Given a scenario, execute the incident response process.
• Explain the importance of best practices in preparation for incident response.
• Identify applicable compliance, standards, frameworks, and best practices.
• Explain the importance of concepts that are unique to forensic analysis.
• Identify the common areas of vulnerability.
• Identify the steps of the vulnerability process.
QUESTION 1 A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
A. iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
B. iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT
C. iptables -A INPUT -p tcp --dport 25 -j DROP
D. iptables -A INPUT -p tcp --destination-port 21 -j DROP
E. iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
Correct Answer: AC
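Because `-A` appends to the end of the chain and iptables stops at the first matching rule, the two answers only work together when the mail-server ACCEPT is entered before the blanket DROP. The following model of an INPUT chain is an added example, not code from the study page: it evaluates constructed packets against the two rules in both orders. The addresses (10.0.0.25 for the mail server, standing in for x.x.x.x, and 10.0.0.101 for a workstation) are assumed sample values.

```python
# Added example (not part of the CFR-310 study page): a minimal model of an
# iptables INPUT chain with first-match semantics, used to check what the two
# rules from Question 1 do to SMTP traffic and why their order matters.
# All addresses below are constructed sample values.

MAIL_SERVER = "10.0.0.25"      # stands in for x.x.x.x in the question
CLIENT = "10.0.0.101"          # an ordinary workstation that should not get SMTP


def rule(target, proto=None, dport=None, sport=None, dst=None):
    """Build one iptables-style rule as a dict; None means 'match anything'."""
    return {"target": target, "proto": proto, "dport": dport,
            "sport": sport, "dst": dst}


def matches(r, pkt):
    """True if every non-wildcard field of the rule equals the packet's field."""
    return all(r[k] is None or r[k] == pkt[k]
               for k in ("proto", "dport", "sport", "dst"))


def evaluate(chain, pkt, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule's target wins.
    If nothing matches, the chain's default policy applies."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy


# Answer A: iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
allow_mail_server = rule("ACCEPT", proto="tcp", dport=25, dst=MAIL_SERVER)
# Answer C: iptables -A INPUT -p tcp --dport 25 -j DROP
drop_all_smtp = rule("DROP", proto="tcp", dport=25)


def smtp_to(dst):
    """Constructed inbound SMTP packet (TCP, destination port 25)."""
    return {"proto": "tcp", "sport": 51234, "dport": 25, "dst": dst}


def verdicts(chain):
    """Verdicts for SMTP to the mail server, SMTP to a client, and an unrelated HTTPS packet."""
    https = {"proto": "tcp", "sport": 51235, "dport": 443, "dst": CLIENT}
    return (evaluate(chain, smtp_to(MAIL_SERVER)),
            evaluate(chain, smtp_to(CLIENT)),
            evaluate(chain, https))


# -A appends, so the rule entered first is evaluated first.
CORRECT_ORDER = [allow_mail_server, drop_all_smtp]   # A entered before C
WRONG_ORDER = [drop_all_smtp, allow_mail_server]     # C entered before A

if __name__ == "__main__":
    print("A then C:", verdicts(CORRECT_ORDER))   # ('ACCEPT', 'DROP', 'ACCEPT')
    print("C then A:", verdicts(WRONG_ORDER))     # ('DROP', 'DROP', 'ACCEPT')
```

Run as a script, it shows that with the DROP appended first the mail server loses its SMTP traffic too, which is the usual mistake when these two rules are typed in the wrong order.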
QUESTION 2 A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the ~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
"You seem tense. Take a deep breath and relax!"
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:\Temp\chill.exe:
Powershell.exe -Command "do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t 0 (/c "You seem tense. Take a deep breath and relax!");Start-Sleep -s 900) } while(1)"
Which of the following BEST represents what the attacker was trying to
accomplish?
A. Taunt the user and then trigger a shutdown every 15 minutes.
B. Taunt the user and then trigger a reboot every 15 minutes.
C. Taunt the user and then trigger a shutdown every 900 minutes.
D. Taunt the user and then trigger a reboot every 900 minutes.
Correct Answer: B
QUESTION 3 A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
A. # tcpdump -i eth0 host 88.143.12.123
B. # tcpdump -i eth0 dst 88.143.12.123
C. # tcpdump -i eth0 host 192.168.10.121
D. # tcpdump -i eth0 src 88.143.12.123
Correct Answer: B
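The four options use three different tcpdump primitives (`host`, `src`, `dst`), and it helps to see exactly which packets each one lets through. The script below is an added example, not code from the study page: it models each filter as a predicate over (source, destination) pairs and runs it over a constructed set of packets that includes the two hosts from the question, an unrelated internal host, and an unrelated destination. It also evaluates the conjunction `host 192.168.10.121 and host 88.143.12.123`, which is the tcpdump idiom for restricting a capture to one pair of hosts. The packet list is constructed, not captured.

```python
# Added example (not from the CFR-310 page): evaluate the tcpdump capture
# filters from Question 3, plus the conjunction `host A and host B`, against a
# constructed set of packet headers to see which packets each filter captures.

SUSPECT = "192.168.10.121"
REMOTE = "88.143.12.123"

# Constructed (src, dst) pairs; the comment says what each represents.
PACKETS = [
    (SUSPECT, REMOTE),             # 0: suspect host -> remote peer
    (REMOTE, SUSPECT),             # 1: remote peer -> suspect host
    (SUSPECT, "192.168.10.5"),     # 2: suspect host -> an internal server
    ("192.168.10.77", REMOTE),     # 3: a different internal host -> same remote peer
    ("192.168.10.77", "1.1.1.1"),  # 4: unrelated traffic
]


def host(addr):
    """tcpdump 'host X': X is either the source or the destination."""
    return lambda p: addr in p


def src(addr):
    """tcpdump 'src X': X is the source."""
    return lambda p: p[0] == addr


def dst(addr):
    """tcpdump 'dst X': X is the destination."""
    return lambda p: p[1] == addr


def both(f, g):
    """tcpdump 'A and B': both sub-expressions must match."""
    return lambda p: f(p) and g(p)


FILTERS = {
    "A: host 88.143.12.123": host(REMOTE),
    "B: dst 88.143.12.123": dst(REMOTE),
    "C: host 192.168.10.121": host(SUSPECT),
    "D: src 88.143.12.123": src(REMOTE),
    "host 192.168.10.121 and host 88.143.12.123": both(host(SUSPECT), host(REMOTE)),
}


def captured(filter_name):
    """Indices into PACKETS that the named filter would capture."""
    f = FILTERS[filter_name]
    return [i for i, p in enumerate(PACKETS) if f(p)]


if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:45s} -> packets {captured(name)}")
```

Comparing the index lists shows how much each primitive captures beyond the two hosts of interest: `dst` keeps packet 3 from the other internal host, `host` on either address keeps a third party's traffic, and only the `and` of the two `host` primitives is limited to packets 0 and 1.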
QUESTION 4 After imaging a disk as part of an investigation, a forensics analyst wants
to hash the image using a tool that supports piecewise hashing. Which of the
following tools should the analyst use?
A. md5sum
B. sha256sum
C. md5deep
D. hashdeep
Correct Answer: A
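Piecewise hashing, as offered by the `-p` option of md5deep and hashdeep, splits an image into fixed-size blocks and records a digest per block alongside the whole-file digest, so that a later discrepancy can be localised to one block rather than only reported as "the image changed". The following script is an added example, not code from the study page or from the md5deep project: it implements that scheme in Python on a constructed 10 KiB byte string standing in for an acquired image, flips one byte, and reports which block no longer verifies. The 4 KiB block size is an assumed value chosen to keep the output short.

```python
# Added example (not from the CFR-310 page): piecewise hashing of a disk image
# in the style of md5deep/hashdeep -p, which plain md5sum/sha256sum do not offer.
# IMAGE below is a constructed byte string, not a real disk image.
import hashlib


def piecewise_hashes(data: bytes, block_size: int, algo: str = "sha256"):
    """Return [(start_offset, end_offset, hexdigest)] for each fixed-size piece.
    The final piece may be shorter than block_size, as with hashdeep -p."""
    pieces = []
    for start in range(0, len(data), block_size):
        chunk = data[start:start + block_size]
        digest = hashlib.new(algo, chunk).hexdigest()
        pieces.append((start, start + len(chunk), digest))
    return pieces


def whole_hash(data: bytes, algo: str = "sha256") -> str:
    """Conventional single digest over the whole image (what sha256sum reports)."""
    return hashlib.new(algo, data).hexdigest()


def changed_pieces(reference, candidate):
    """Compare two piecewise hash lists; return (start, end) of pieces whose digest differs."""
    return [ref[0:2] for ref, cand in zip(reference, candidate) if ref[2] != cand[2]]


# Constructed stand-in for an acquired image: 10 KiB with a repeating pattern.
IMAGE = bytes(range(256)) * 40      # 10240 bytes
BLOCK = 4096                        # assumed block size for the demonstration


def demo():
    """Hash the image, alter one byte inside the second block, and locate the change."""
    reference = piecewise_hashes(IMAGE, BLOCK)
    altered = bytearray(IMAGE)
    altered[5000] ^= 0xFF           # one-byte change at offset 5000 (block 4096-8192)
    candidate = piecewise_hashes(bytes(altered), BLOCK)
    return {
        "pieces": len(reference),
        "whole_matches": whole_hash(IMAGE) == whole_hash(bytes(altered)),
        "changed": changed_pieces(reference, candidate),
    }


if __name__ == "__main__":
    for start, end, digest in piecewise_hashes(IMAGE, BLOCK):
        print(f"{start:6d}-{end:<6d} {digest}")
    print(demo())
```

The whole-image digest only says that the two copies differ; the per-block list narrows the difference to the block at offsets 4096-8192, which is the practical reason an analyst reaches for a piecewise-capable tool when verifying large images.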
QUESTION 5 Which of the following is a cybersecurity solution for insider threats to
strengthen information protection?
A. Web proxy
B. Data loss prevention (DLP)
C. Anti-malware
D. Intrusion detection system (IDS)