Free CFR-410 Exam Braindumps (page: 7)


An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning.
Which of the following actions should the administrator take next?

  A. Clear the ARP cache on their system.
  B. Enable port mirroring on the switch.
  C. Filter Wireshark to only show ARP traffic.
  D. Configure the network adapter to promiscuous mode.

Answer(s): D


Reference:

https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_arp_poisoning.htm



A security investigator has detected an unauthorized insider reviewing files containing company secrets.
Which of the following commands could the investigator use to determine which files have been opened by this user?

  A. ls
  B. lsof
  C. ps
  D. netstat

Answer(s): B



While performing routing maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system.
Which of the following steps in the attack process does this activity indicate?

  A. Expanding access
  B. Covering tracks
  C. Scanning
  D. Persistence

Answer(s): A



Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?

  A. Cybercriminals
  B. Hacktivists
  C. State-sponsored hackers
  D. Cyberterrorists

Answer(s): C





