CFR-410 CertNexus CyberSec First Responder (CFR) Exam Free Practice Exam Questions (2025 Updated)
Prepare effectively for your CertNexus CFR-410 CyberSec First Responder (CFR) Exam certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.
Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?
An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?
What is the primary role of an intrusion detection system (IDS) on a network?
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
- Running antivirus scans on the affected user machines
- Checking department membership of affected users
- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
- Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?
Which of the following would MOST likely make a Windows workstation on a corporate network vulnerable to remote exploitation?
Which of the following can increase an attack surface?
A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?
A government organization responsible for critical infrastructure is being attacked and files on the server have been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)
An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?
An organization was recently hit with a ransomware attack that encrypted critical documents and files that were stored on the corporate file server.
Which of the following provides the organization with the BEST chance for recovering their data?
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
Which term describes the process of collecting logs from many sources across an IT infrastructure into a single, centralized platform to be reviewed and analyzed?
What is the definition of a security breach?
What are three examples of incident response? (Choose three.)
An employee discovered the default credentials in DB servers, which were found by using a word list of commonly used and default passwords in Hydra, the tool behind the Brute functionality. The use of the word list in Hydra is an example of what type of password cracking?
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?
Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the ~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:\Temp\chill.exe:
Powershell.exe –Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep –s 900) } while(1)”
Which of the following BEST represents what the attacker was trying to accomplish?
To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)