CFR-410 Practice Exam Questions and Answers

A.  

Exploit range

B.  

Costs

C.  

Severity level

D.  

Zero days

E.  

Threat modeling

A.  

CVM, NVD, and OSVDB

B.  

CVE, CVSS, and OSVDB

C.  

CVE, CVSS, and OVAL

D.  

CWE, CWSS, and OVAL

A.  

Reverse proxy

B.  

Web application firewall

C.  

Stateful firewall

D.  

Web content filtering

A.  

GDPR

B.  

CCPA

C.  

PPA

D.  

HIPPA

E.  

COPPA

A.  

There may be duplicate computer names on the network.

B.  

The computer name may not be admissible evidence in court.

C.  

Domain Name System (DNS) records may have changed since the log was created.

D.  

There may be field name duplication when combining log files.

A.  

syslog

B.  

MSConfig

C.  

Event Viewer

D.  

Process Monitor

A.  

Crisis communication plan

B.  

Disaster recovery plan

C.  

Occupant emergency plan

D.  

Incident response plan

A.  

Alerts of potential attacks, forensic investigations, and incident detection.

B.  

Forensic investigations, threat modeling, and big data analysis.

C.  

Malware analysis, forensic investigations, and incident detection.

D.  

Static malware analysis, dynamic malware analysis, and incident detection.

A.  

It is difficult to set up, so an unskilled attacker won't be able to figure it out.

B.  

Without the proper key, an attacker won't be able to unscramble the encrypted information.

C.  

Using encryption requires advanced training in mathematics, which is beyond the capabilities of most attackers.

D.  

Information can be encrypted but it can never be decrypted leaving an attacker unable to read the information