Logical Operations Certified CyberSec First Responder CFR-210 CFR Exam Questions

An attacker has decided to attempt a brute force attack on a UNIX server. In order to accomplish this, which of the following steps must be performed?

An alert on user account activity outside of normal business hours returns Windows even IDs 540 and 4624. In which of the following locations will these events be found?

A Windows system user reports seeing a command prompt window pop up briefly during each login. In which of the following locations would an incident responder check to explain this activity?

A SOC analyst has been tasked with checking all files in every employee home directory for any mention of a new product code named PitViper. Which of the following commands will return all requested data?

An outside organization has reported to the Chief Information Officer (CIO) of a company that it has received attack from a Linux system in the company's DMZ. Which of the following commands should an incident responder use to review a list of currently running programs on the potentially compromised system?

While a network administrator is monitoring the company network, an unknown local IP address is starting to release high volumes of anonymous traffic to an unknown external IP address. Which of the following would indicate to the network administrator potential compromise?

An incident responder is investigating a Linux server reported to be ''behaving strangely''. Which of the following commands should the incident responder use to identify any users currently logged into the system? (Choose two.)