CyberSec First Responder

Here you have the best CertNexus CFR-310 practice exam questions

  • You have 100 total questions across 20 pages (5 per page)
  • These questions were last updated on March 4, 2026
  • This site is not affiliated with or endorsed by CertNexus.
Question 1 of 100
A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
Answer

Suggested Answer

The suggested answer is A, C.

To address the issue of a flood of SMTP traffic to internal clients, the goal is to block unwanted SMTP traffic while allowing it only to designated email servers. The correct commands are: (1) iptables -A INPUT -p tcp –dport 25 -d x.x.x.x -j ACCEPT, which allows SMTP traffic to a specific email server, and (2) iptables -A INPUT -p tcp –dport 25 -j DROP, which blocks all other incoming SMTP traffic. These measures ensure that only legitimate email server communications are permitted while preventing the flood from affecting other internal clients.

Community Votes3 votes
ACSuggested
67%
CE
33%
Question 2 of 100
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the ~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:
\Temp\chill.exe:Powershell.exe –Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep –s 900) } while(1)”
Which of the following BEST represents what the attacker was trying to accomplish?
Answer

Suggested Answer

The suggested answer is B.

The C code snippet provided in the question contains the 'shutdown /r /m' command, where the '/r' parameter specifies a reboot. The 'Start-Sleep -s 900' command indicates a sleep duration of 900 seconds. 900 seconds is equal to 15 minutes. Thus, the attacker aimed to taunt the user with a message and then trigger a reboot every 15 minutes.

Community Votes2 votes
BSuggested
50%
A
50%
Question 3 of 100
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
Answer

Suggested Answer

The suggested answer is A.

To capture traffic specifically between two hosts, the correct command would involve specifying both hosts in the tcpdump filter. The command 'tcpdump -i eth0 host 88.143.12.123' will capture all traffic to and from 88.143.12.123. Since tcpdump interprets 'host' as capturing traffic where either the source or destination matches the given IP address, and considering that the command is issued from the host 192.168.10.121, it ensures that all interactions between 192.168.10.121 and 88.143.12.123 are captured.

Community Votes3 votes
ASuggested
67%
C
33%
Question 4 of 100
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
Answer

Suggested Answer

The suggested answer is D.

To perform piecewise hashing, the analyst should use the tool 'hashdeep'. Hashdeep supports multiple hash functions and can perform piecewise hashing, which involves hashing large files by dividing them into smaller chunks. This feature is essential for forensic investigations to ensure data integrity and to manage large datasets efficiently.

Community Votes3 votes
DSuggested
67%
C
33%
Question 5 of 100
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?
Answer

Suggested Answer

The suggested answer is B.

Data loss prevention (DLP) is a cybersecurity solution that focuses on preventing sensitive data from being accessed, used, or transmitted improperly, especially by insiders. DLP systems monitor data movements and can block unauthorized access or transfer of sensitive information, making it an effective solution for mitigating insider threats.

Community Votes2 votes
BSuggested
100%

About the CertNexus CFR-310 Certification Exam

About the Exam

The CertNexus CFR-310 (CyberSec First Responder) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 100 practice questions across 20 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our CFR-310 questions are regularly updated to reflect the latest exam objectives.