CFR-310 CertNexus Cybersecurity – CyberSec First Responder Exam

Exam Code CFR-310
Launch Date September 2018
Sunset Date TBD (Typically 3 years from Launch Date)
Target Candidate Individuals with between 3 and 5 years of experience working in a computing environment as part of a CERT/CSIRT/SOC who protect critical information systems before, during, and after an incident.

Common Job Titles
System Administrator
Network Administrator
Help Desk Technician
Information System Technician
Incident Responder
Incident Response Analyst
Cyber Crime Investigator
IT Auditor
Information Security and IT Auditor
Systems Analyst
Network Analyst
Incident Analyst
Security Analyst
Network Security Engineer
Information Assurance Analyst
Network Defense Technician
Information Systems Security Engineer

Exam Description The CyberSec First Responder™ exam will certify that the successful candidate has the knowledge, skills, and abilities required to deal with a changing threat landscape and will be able to assess risk and vulnerabilities, acquire data, perform analysis, continuously communicate, determine scope, recommend remediation actions, and accurately report results.
Number of Questions 100 questions
Item Formats Multiple Choice/Multiple Response
Exam Duration 120 minutes (including 5 minutes for Candidate Agreement and 5 minutes for Pearson VUE tutorial)
Exam Options In person at Pearson VUE test centers or online via Pearson OnVUE
Passing Score 70%

Summary
This course covers network defense and incident response methods, tactics, and procedures that are in alignment with industry frameworks such as NIST 800-61r2 (Computer Security Incident Handling Guide), US-CERT’s National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, identify various types of common threats, evaluate the organization’s security, collect and analyze cybersecurity intelligence, and remediate and report incidents as they occur. This course provides a comprehensive methodology for individuals responsible for defending the cybersecurity of their organization.

This course is designed to assist students in preparing for the CertNexus CyberSec First Responder (Exam CFR-310) certification examination. What you learn and practice in this course can be a significant part of your preparation.

In addition, this course and subsequent certification (CFR-310) meet all requirements for personnel requiring DoD directive 8570.01-M position certification baselines:
• CSSP Analyst
• CSSP Infrastructure Support
• CSSP Incident Responder

Prerequisites
To ensure your success in this course, you should meet the following requirements:
• At least two years (recommended) of experience or education in computer network security technology or a related field.
• The ability or curiosity to recognize information security vulnerabilities and threats in the context of risk management.
• Foundational knowledge of the concepts and operational framework of common assurance safeguards in network environments. Safeguards include, but are not limited to, firewalls, intrusion prevention systems, and VPNs.
• General knowledge of the concepts and operational framework of common assurance safeguards in computing environments. Safeguards include, but are not limited to, basic authentication and authorization, resource permissions, and anti-malware mechanisms.
• Foundation-level skills with some of the common operating systems for computing environments.
• Entry-level understanding of some of the common concepts for network environments, such as routing and switching.
• General or practical knowledge of major TCP/IP networking protocols, including, but not limited to, TCP, IP, UDP, DNS, HTTP, ARP, ICMP, and DHCP.

Audience
This course is designed primarily for cybersecurity practitioners preparing for or who currently perform job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It is ideal for those roles within federal contracting companies and private sector firms whose mission or strategic objectives require the execution of Defensive Cyber Operations (DCO) or DoD Information Network (DoDIN) operation and incident handling. This course focuses on the knowledge, ability, and skills necessary to provide for the defense of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes.

In addition, the course ensures that all members of an IT team—regardless of size, rank, or budget—understand their role in the cyber defense, incident response, and incident handling process.

Topics
In this course, you will understand, assess, and respond to security threats and operate a system and network security analysis platform.
• Compare and contrast various threats and classify threat profiles.
• Explain the purpose and use of attack methods and techniques.
• Explain the purpose and use of post-exploitation tools and tactics.
• Given a scenario, perform ongoing threat landscape research and use data to prepare for incidents.
• Explain the purpose and characteristics of various data sources.
• Given a scenario, use real-time data analysis to detect anomalies.
• Given a scenario, analyze common indicators of potential compromise.
• Given a scenario, use appropriate tools to analyze logs.
• Given a scenario, use appropriate containment methods or tools.
• Given a scenario, use appropriate asset discovery methods or tools.
• Given a scenario, use Windows tools to analyze incidents.
• Given a scenario, use Linux-based tools to analyze incidents.
• Given a scenario, execute the incident response process.
• Explain the importance of best practices in preparation for incident response.
• Identify applicable compliance, standards, frameworks, and best practices.
• Explain the importance of concepts that are unique to forensic analysis.
• Identify the common areas of vulnerability.
• Identify the steps of the vulnerability process.

QUESTION 1
A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients.
SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

A. iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
B. iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT
C. iptables -A INPUT -p tcp --dport 25 -j DROP
D. iptables -A INPUT -p tcp --destination-port 21 -j DROP
E. iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP

Correct Answer: AC

QUESTION 2
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the
~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a short
analysis, the following code is found in C:\Temp\chill.exe:
Powershell.exe -Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep -s 900) } while(1)”
Which of the following BEST represents what the attacker was trying to accomplish?

A. Taunt the user and then trigger a shutdown every 15 minutes.
B. Taunt the user and then trigger a reboot every 15 minutes.
C. Taunt the user and then trigger a shutdown every 900 minutes.
D. Taunt the user and then trigger a reboot every 900 minutes.

Correct Answer: B

QUESTION 3
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also
establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?

A. # tcpdump -i eth0 host 88.143.12.123
B. # tcpdump -i eth0 dst 88.143.12.123
C. # tcpdump -i eth0 host 192.168.10.121
D. # tcpdump -i eth0 src 88.143.12.123

Correct Answer: B

QUESTION 4
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?

A. md5sum
B. sha256sum
C. md5deep
D. hashdeep

Correct Answer: A

QUESTION 5
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?

A. Web proxy
B. Data loss prevention (DLP)
C. Anti-malware
D. Intrusion detection system (IDS)

Correct Answer: B
