Logical Operations CFR-210 Exam Topics
Logical Operations CFR-210 Exam Overview:

| Item | Detail |
|---|---|
| Exam Name | Certified CyberSec First Responder |
| Exam Code | CFR-210 |
| Certifications | Logical Operations CFR Certification |
| Actual Exam Duration | 120 minutes |
| Expected no. of Questions in Actual Exam | 100 |
| See Expected Questions | Logical Operations CFR-210 Expected Questions in Actual Exam |
Logical Operations CFR-210 Exam Objectives:

| Section | Weight |
|---|---|
| Domain 1: Threat Landscape | 25% |
| Domain 2: Passive Data-Driven Analysis | 27% |
| Domain 3: Active Asset and Network Analysis | 28% |
| Domain 4: Incident Response Lifecycle | 20% |

Domain 1: Threat Landscape (25%)

1.1 Compare and contrast various threats and classify threat profiles
- Threat actors
  - Script kiddies
  - Recreational hackers
  - Professional hackers
  - Hacktivists
  - Cyber criminals
  - State sponsored hackers
  - Terrorists
  - Insider
- Threat motives
  - Desire for money
  - Desire for power
  - Fun/thrill/exploration
  - Reputation/recognition
  - Association/affiliation
- Threat intent
  - Blackmail
  - Theft
  - Espionage
  - Revenge
  - Hacktivism/political
  - Defamation of character
- Attack vector
  - Vulnerabilities
  - Exploits
  - Techniques
- Technique criteria
  - Targeted/non-targeted
  - Direct/indirect
  - Stealth/non-stealth
  - Client-side/server-side
- Understanding qualitative risk and impact

1.2 Explain the purpose and use of attack tools and techniques
- Footprinting
  - Open source intelligence
  - Closed source intelligence
- Scanning
  - Port scanning
  - Vulnerability scanning
    - Targeted vulnerability scanners vs. general vulnerability scanners
  - Network scanning
  - Web app scanning
- Enumeration
  - User enumeration
  - Application enumeration
  - Email enumeration
  - War dialing
- Gaining access
  - Exploitation frameworks
  - Client side attacks
    - Application exploits
    - Browser exploits
  - Server side attacks
  - Mobile
    - Malicious apps
    - Malicious texts
    - Hijacking/rooting
  - Web attacks
    - CSRF
    - SQL injection
    - Directory traversal
    - LFI/RFI
    - Command injection
  - Password attacks
    - Password cracking
    - Brute forcing
    - Password guessing
    - Password dictionary
    - Rainbow tables
    - Password sniffing
  - Wireless attacks
    - Wireless cracking
    - Wireless client attacks
    - Infrastructure attacks
  - Social engineering
  - Man-in-the-middle
    - ARP spoofing
    - ICMP redirect
    - DHCP spoofing
    - NBNS spoofing
    - Session hijacking
    - DNS poisoning
  - Malware
    - Trojan
    - Malvertisement
    - Virus
    - Worm
  - Out of band
    - OEM supply chain
    - Watering hole
- Denial of Service
  - DDoS
    - LOIC/HOIC
  - Resource exhaustion
  - Forced system outage
  - Packet generators

1.3 Explain the purpose and use of post-exploitation tools and tactics
- Command and control
  - IRC
  - HTTP/S
  - DNS
  - Custom channels
  - ICMP
- Data exfiltration
  - Covert channels
  - File sharing services
- Pivoting
  - VPN
  - SSH tunnels
  - Routing tables
- Lateral movement
  - Pass the hash
  - Golden ticket
  - psexec
  - wmic
  - Remote access services
- Persistence/maintaining access
  - Rootkits
  - Backdoors
  - Hardware backdoor
  - Rogue accounts
  - Logic bombs
- Keylogging
- Anti-forensics
  - Golden ticket
  - Buffer overflows against forensics tools
  - Packers
  - Virtual machine detection
  - Sandbox detection
  - ADS
  - Shredding
  - Memory residents
- Covering your tracks
  - Log wipers

1.4 Explain the purpose and use of social engineering tactics
- Phishing
  - Phishing variations
    - Spear phishing
    - Whaling
    - Vishing
  - Delivery mediums
    - IM
    - Post card
    - Text
    - QR code
    - Social networking sites
  - Common components
    - Spoofing messages
    - Rogue domains
    - Malicious links
    - Malicious attachments
- Shoulder surfing
- Tailgating
- Face-to-face interaction
- Fake portals/malicious websites

1.5 Given a scenario, perform ongoing threat landscape research and use data to prepare for incidents
- Latest technologies, vulnerabilities, threats and exploits
- Utilize trend data to determine likelihood and threat attribution
- New tools/prevention techniques
- Data gathering/research tools
  - Journals
  - Vulnerability databases
  - Books
  - Blogs
  - Intelligence feeds
  - Security advisories
  - Social network sites
- Common targeted assets
  - Financial information
  - Credit card numbers
  - Account information
  - Intellectual Property
  - PHI
  - PII

Domain 2: Passive Data-Driven Analysis (27%)

2.1 Explain the purpose and characteristics of various data sources
- Network-based
  - Device configuration file(s)
  - Firewall logs
  - WAF logs
  - IDS/IPS logs
  - Switch logs
  - Router logs
  - Carrier provider logs
  - Proxy logs
  - Wireless
    - WAP logs
    - WIPS logs
    - Controller logs
  - Network sniffer
    - Packet capture
    - Traffic log
    - Flow data
  - Device state data
    - CAM tables
    - Routing tables
    - NAT tables
    - DNS cache
    - ARP cache
  - SDN
- Host-based
  - System logs
  - Service logs
    - SSH logs
      - Time
      - Crypto protocol
      - User
      - Success/failure
    - HTTP logs
      - HTTP methods (GET, POST)
      - Status codes
      - Headers
      - User agents
    - SQL logs
      - Access logs
      - Query strings
    - SMTP logs
    - FTP logs
    - DNS logs
      - Suspicious lookups
      - Suspicious domains
      - Types of DNS queries
  - Windows event logs
    - App log
    - System log
    - Security log
  - Linux syslog
  - Application logs
    - Browser
    - HIPS logs
    - AV logs
    - Integrity checker
- Vulnerability testing data
  - Third party data
  - Automated/software testing programs

2.2 Given a scenario, use appropriate tools to analyze logs
- Log analytics tools
- Linux tools
  - grep
  - cut
  - diff
- Windows tools
  - Find
  - WMIC
  - Event viewer
- Scripting languages
  - Bash
  - PowerShell
- Log correlation
  - SIEMs

2.3 Given a scenario, use regular expressions to parse log files and locate meaningful data
- Search types
  - Keyword searches
  - IP address searches
  - Special character searches
  - Port number searches
- Search operators
  - `&`
  - `|`
  - `~` or `!`
  - `-`
  - `.`
  - `*`
  - `?`
  - `+`
  - `( )`
  - `[ ]`
  - `$`
  - `^`
- Special operators (backslash escapes)
  - `\W`
  - `\w`
  - `\s`
  - `\D`
  - `\d`
  - `\c`

Domain 3: Active Asset and Network Analysis (28%)

3.1 Given a scenario, use Windows tools to analyze incidents
- Registry
  - REGEDIT
    - Key, Hives, Values, Value types
    - HKLM, HKCU
  - REGDUMP
  - AUTORUNS
- Network
  - Wireshark
  - fport
  - netstat
  - ipconfig
  - nmap
  - tracert
  - net
  - nbtstat
- File system
  - dir
  - PE Explorer
  - disk utilization tool
- Processes
  - TLIST
  - PROCMON
  - Process Explorer
- Services
  - Services.msc
  - Msconfig
  - Net start
  - Task scheduler
- Volatile memory analysis
- Active Directory tools

3.2 Given a scenario, use Linux-based tools to analyze incidents
- Network
  - nmap
  - netstat
  - wireshark
  - tcpdump
  - traceroute
  - arp
  - ifconfig
- File system
  - lsof
  - iperf
  - dd
  - disk utilization tool
- Processes
  - htop
  - top
  - ps
- Volatile memory
  - free
- Session management
  - w, who
  - rwho
  - lastlog

3.3 Summarize methods and tools used for malware analysis
- Methods
  - Sandboxing
    - Virtualization
  - Threat intelligence websites
    - Crowd source signature detection
    - VirusTotal
- Reverse engineering tools
  - IDA
  - OllyDbg
- General tools
  - strings
  - Antivirus
  - Malware scanners

3.4 Given a scenario, analyze common indicators of potential compromise
- Unauthorized programs in startup menu
- Malicious software
  - Presence of attack tools
- Registry entries
- Excessive bandwidth usage
- Off hours usage
- New administrator/user accounts
- Guest account usage
- Unknown open ports
- Unknown use of protocols
- Service disruption
- Website defacement
- Unauthorized changes/modifications
  - Suspicious files
- Recipient of suspicious emails
- Unauthorized sessions
- Failed logins
- Rogue hardware

Domain 4: Incident Response Lifecycle (20%)

4.1 Explain the importance of best practices in preparation for incident response
- Preparation and planning
  - Up-to-date contact lists
  - Up-to-date toolkit
- Ongoing training
  - Incident responder
  - Incident response team
  - Management
  - Tabletop (theoretical) exercises
- Communication methods
  - Secure channels
  - Out of band communications
- Organizational documentation
  - Policies
  - Procedures
  - Incident response plan
- Escalation procedures
  - Chain of command
- Industry standards for incident response

4.2 Given a scenario, execute the incident response process
- Preparation
- Identification
  - Detection/analysis
  - Collection
- Containment
- Eradication
- Recovery
- Post incident
  - Lessons learned
    - Root cause analysis
  - Reporting & documentation

4.3 Explain the importance of concepts that are unique to forensic analysis
- Authorization to collect information
- Legal defensibility
  - Chain of custody
  - Legally compliant tools
    - EnCase
    - FTK
    - Forensics Explorer
- Confidentiality
- Evidence preservation and evidence security
  - Digital
    - Imaging
    - Hashing
  - Physical
    - Secure rooms and facilities
    - Evidence bags
    - Lock boxes
- Law enforcement involvement

4.4 Explain general mitigation methods and devices
- Methods
  - System hardening
    - Deactivate unnecessary services
    - Patching
  - Updating internal security devices
    - Report malware signatures
    - Custom signatures
  - Block external sources of malware
  - DNS filtering
  - Blackhole routing
  - System and application isolation
  - Mobile device management
  - Application whitelist
- Devices
  - Firewall
  - WAF
  - Switch
  - Routers
  - Proxy
  - Virtual Machine
  - Mobile
  - Desktop
  - Server

Official Information: http://logicaloperations.com/media/uploads/downloads/cfr-210_exam_blueprint_final.pdf
Updates in the Logical Operations CFR-210 Exam Topics:
Logical Operations CFR-210 exam questions and practice tests are the best way to get fully prepared. Study4exam's trusted preparation material consists of both practice questions and a practice test. To pass the actual Certified CyberSec First Responder CFR-210 exam on the first attempt, you need to work hard on these questions, as they cover all updated Logical Operations CFR-210 exam topics included in the official syllabus. Besides studying actual questions, you should take the Logical Operations CFR-210 practice test for self-assessment and actual exam simulation. Revise actual exam questions and correct your mistakes with the Certified CyberSec First Responder CFR-210 exam practice test. Online and Windows-based formats of the CFR-210 exam practice test are available for self-assessment.
- Feedback from 50,000+ customers incorporated into the products
- Customize your exam based on your objectives
- User-friendly interface
- Exam history and progress reports
- Self-assessment features
- Various learning modes