
Logical Operations CFR-210 Exam Syllabus

Logical Operations CFR-210 Exam

Certified CyberSec First Responder

Total Questions: 90

What is Included in the Logical Operations CFR-210 Exam?

Authentic information about the syllabus and an effective study guide are essential to pass the Logical Operations CFR-210 exam on the first attempt. The Study4Exam study guide gives you comprehensive information about the syllabus of the Logical Operations CFR-210 exam. Get this information at the start of your preparation, because it helps you make an effective study plan. We have designed this Logical Operations Certified CyberSec First Responder certification exam preparation guide to give an exam overview, practice questions, a practice test, prerequisites, and information about the exam topics that help you pass the Logical Operations Certified CyberSec First Responder (2021) exam. We recommend the preparation material mentioned in this study guide to cover the entire Logical Operations CFR-210 syllabus. Study4Exam offers 3 formats of Logical Operations CFR-210 exam preparation material: practice questions in PDF format, and web-based and desktop practice exams, each with new practice questions, to help you get passing marks on the first attempt.

Logical Operations CFR-210 Exam Overview:

Exam Name: Certified CyberSec First Responder
Exam Code: CFR-210
Actual Exam Duration: 120 minutes
Expected no. of Questions in Actual Exam: 100
Official Information: http://logicaloperations.com/media/uploads/downloads/cfr-210_exam_blueprint_final.pdf
See Expected Questions: Logical Operations CFR-210 Expected Questions in Actual Exam
Take Self-Assessment: Use the Logical Operations CFR-210 Practice Test to assess your preparation - save time and reduce the chance of failure

Logical Operations CFR-210 Exam Topics:

Domain 1: Threat Landscape (weight 25%)

1.1 Compare and contrast various threats and classify threat profiles

    * Threat actors
        o Script kiddies
        o Recreational hackers
        o Professional hackers
        o Hacktivists
        o Cyber criminals
        o State sponsored hackers
        o Terrorists
        o Insider

    * Threat motives
        o Desire for money
        o Desire for power
        o Fun/thrill/exploration
        o Reputation/recognition
        o Association/affiliation

    * Threat intent
        o Blackmail
        o Theft
        o Espionage
        o Revenge
        o Hacktivism/political
        o Defamation of character

    * Attack vector
        o Vulnerabilities
        o Exploits
        o Techniques

    * Technique criteria
        o Targeted/non-targeted
        o Direct/indirect
        o Stealth/non-stealth
        o Client-side/server-side

    * Understanding qualitative risk and impact
 
1.2 Explain the purpose and use of attack tools and techniques

    * Footprinting
        o Open source intelligence
        o Closed source intelligence

    * Scanning
        o Port scanning
        o Vulnerability scanning
            + Targeted vulnerability scanners vs. general vulnerability scanners
        o Network scanning
        o Web app scanning

    * Enumeration
        o User enumeration
        o Application enumeration
        o Email enumeration
        o War dialing

    * Gaining access
        o Exploitation frameworks
        o Client side attacks
            + Application exploits
            + Browser exploits
        o Server side attacks
        o Mobile
            + Malicious apps
            + Malicious texts
            + Hijacking/rooting
        o Web attacks
            + CSRF
            + SQL injection
            + Directory traversal
            + LFI/RFI
            + Command injection
        o Password attacks
            + Password cracking
            + Brute forcing
            + Password guessing
            + Password dictionary
            + Rainbow tables
            + Password sniffing
        o Wireless attacks
            + Wireless cracking
            + Wireless client attacks

    * Infrastructure attacks
        o Social engineering
        o Man-in-the-middle
            + ARP spoofing
            + ICMP redirect
            + DHCP spoofing
            + NBNS spoofing
            + Session hijacking
            + DNS poisoning
        o Malware
            + Trojan
            + Malvertisement
            + Virus
            + Worm
        o Out of band
            + OEM supply chain
            + Watering hole

    * Denial of Service
        o DDoS
            + LOIC/HOIC
        o Resource exhaustion
        o Forced system outage
        o Packet generators
 
1.3 Explain the purpose and use of post exploitation tools and tactics

    * Command and control
        o IRC
        o HTTP/S
        o DNS
        o Custom channels
        o ICMP
    
    * Data exfiltration
        o Covert channels
        o File sharing services

    * Pivoting
        o VPN
        o SSH tunnels
        o Routing tables

    * Lateral movement
        o Pass the hash
        o Golden ticket
        o psexec
        o wmic
        o Remote access services

    * Persistence/maintaining access
        o Rootkits
        o Backdoors
        o Hardware backdoor
        o Rogue accounts
        o Logic bombs

    * Keylogging
    
    * Anti-forensics
        o Golden ticket
        o Buffer overflows against forensics tools
        o Packers
        o Virtual machine detection
        o Sandbox detection
        o ADS
        o Shredding
        o Memory residents

    * Covering your tracks
        o Log wipers

1.4 Explain the purpose and use of social engineering tactics

    * Phishing
        o Phishing variations
            + Spear phishing
            + Whaling
            + Vishing
        o Delivery mediums
            + Email
            + IM
            + Post card
            + Text
            + QR code
            + Social networking sites
        o Common components
            + Spoofing messages
            + Rogue domains
            + Malicious links
            + Malicious attachments

    * Shoulder surfing
    * Tailgating
    * Face-to-face interaction
    * Fake portals/malicious websites
 
1.5 Given a scenario, perform ongoing threat landscape research and use data to prepare for incidents

    * Latest technologies, vulnerabilities, threats and exploits
    * Utilize trend data to determine likelihood and threat attribution
    * New tools/prevention techniques
    * Data gathering/research tools
        o Journals
        o Vulnerability databases
        o Books
        o Blogs
        o Intelligence feeds
        o Security advisories
        o Social network sites
    
    * Common targeted assets
        o Financial information
        o Credit card numbers
        o Account information
        o Intellectual Property
        o PHI
        o PII

Domain 2: Passive Data-Driven Analysis (weight 27%)

2.1 Explain the purpose and characteristics of various data sources

    * Network-based
        o Device configuration file(s)
        o Firewall logs
        o WAF logs
        o IDS/IPS logs
        o Switch logs
        o Router logs
        o Carrier provider logs
        o Proxy logs
        o Wireless
            + WAP logs
            + WIPS logs
            + Controller logs
        o Network sniffer
            + Packet capture
            + Traffic log
            + Flow data
        o Device state data
            + CAM tables
            + Routing tables
            + NAT tables
            + DNS cache
            + ARP cache
        o SDN

    * Host-based
        o System logs
        o Service logs
            + SSH logs (time, crypto protocol, user, success/failure)
            + HTTP logs (HTTP methods such as GET and POST, status codes, headers, user agents)
            + SQL logs (access logs, query strings)
            + SMTP logs
            + FTP logs
            + DNS logs (suspicious lookups, suspicious domains, types of DNS queries)
        o Windows event logs
            + App log
            + System log
            + Security log
        o Linux syslog
        o Application logs
            + Browser
            + HIPS logs
            + AV logs
            + Integrity checker

    * Vulnerability testing data
        o Third party data
        o Automated/software testing programs
 
2.2 Given a scenario, use appropriate tools to analyze logs
    
    * Log analytics tools
    * Linux tools
        o grep
        o cut
        o diff

    * Windows tools
        o Find
        o WMIC
        o Event viewer

    * Scripting languages
        o Bash
        o PowerShell

    * Log correlation
        o SIEMs
 
2.3 Given a scenario, use regular expressions to parse log files and locate meaningful data
    
    * Search types
        o Keyword searches
        o IP address searches
        o Special character searches
        o Port number searches

    * Search operators
        o &
        o |
        o ~ or !
        o -
        o .
        o *
        o ?
        o +
        o ( )
        o [ ]
        o $
        o ^
        o \

    * Special operators
        o \W
        o \w
        o \s
        o \D
        o \d
        o \b
        o \c
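
The objectives in 2.1 and 2.3 above come together in practice as one task: turn raw log lines into structured fields with regular expressions, then count and filter. The following Python example is added here to illustrate that; it is not part of the Logical Operations blueprint or the Study4Exam material. The seven log lines are constructed (documentation IP ranges, invented hostnames and timestamps), the regexes use the named groups, character classes and anchors listed under 2.3, and the "suspicious" path and user-agent patterns are assumptions to tune for a real site.

```python
"""Regex-driven triage of SSH and HTTP log lines (added example, constructed data)."""
import re
from collections import Counter

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample: four OpenSSH auth.log entries and three Apache combined-log
# entries. None of this is real traffic; the IPs are documentation ranges.
SAMPLE_LOG = """\
Mar  3 09:12:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar  3 09:12:03 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51235 ssh2
Mar  3 09:12:05 bastion sshd[2233]: Failed password for root from 203.0.113.45 port 51236 ssh2
Mar  3 09:15:40 bastion sshd[2240]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
203.0.113.45 - - [03/Mar/2021:09:20:11 +0000] "GET /index.php?id=1%27%20OR%201=1-- HTTP/1.1" 200 5120 "-" "sqlmap/1.5"
198.51.100.7 - - [03/Mar/2021:09:21:02 +0000] "GET /images/logo.png HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.45 - - [03/Mar/2021:09:22:30 +0000] "GET /../../etc/passwd HTTP/1.1" 404 210 "-" "curl/7.68.0"
"""

# sshd: result (Accepted/Failed), auth method, user, source IP and source port.
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>" + IPV4 + r") port (?P<port>\d+)"
)

# Apache/Nginx combined log: client IP, timestamp, method, path, status, size,
# referer and user agent. ^ and $ anchor the whole line so partial lines are rejected.
HTTP_RE = re.compile(
    r"^(?P<ip>" + IPV4 + r") \S+ \S+ \[(?P<ts>[^\]]+)\] "
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed triage patterns: injection quotes, traversal, a classic sensitive file,
# and well-known scanner user agents. Extend these for your own environment.
SUSPICIOUS_PATH = re.compile(r"(?i)(?:%27|'|\.\./|/etc/passwd|union\s+select)")
SCANNER_UA = re.compile(r"(?i)\b(?:sqlmap|nikto|nmap|masscan)\b")

# \b keeps the IP search from matching inside longer dotted-digit tokens.
IP_SEARCH = re.compile(r"\b" + IPV4 + r"\b")


def parse_line(line):
    """Return a dict of named fields for a recognised ssh or http line, else None."""
    m = SSH_RE.search(line)
    if m:
        rec = m.groupdict()
        rec.update(kind="ssh", port=int(rec["port"]))
        return rec
    m = HTTP_RE.match(line)
    if m:
        rec = m.groupdict()
        rec.update(kind="http", status=int(rec["status"]))
        return rec
    return None


def triage(log_text):
    """Count failed SSH logins per source IP, list accepted logins and flagged requests."""
    failed_by_ip = Counter()
    accepted = []
    suspicious = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "ssh":
            if rec["result"] == "Failed":
                failed_by_ip[rec["ip"]] += 1
            else:
                accepted.append((rec["user"], rec["method"], rec["ip"]))
        elif SUSPICIOUS_PATH.search(rec["path"]) or SCANNER_UA.search(rec["ua"]):
            suspicious.append((rec["ip"], rec["method"], rec["path"], rec["status"], rec["ua"]))
    return {"failed_by_ip": failed_by_ip, "accepted": accepted, "suspicious": suspicious}


def extract_ips(text):
    """Plain IP-address search over raw text, counting every occurrence."""
    return Counter(IP_SEARCH.findall(text))


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for ip, n in summary["failed_by_ip"].most_common():
        print(f"{n} failed SSH logins from {ip}")
    for ip, method, path, status, ua in summary["suspicious"]:
        print(f"suspicious {method} {path} -> {status} from {ip} ({ua})")
```

Run it directly to print the failed-login counts per source IP and the flagged requests. The IP and port patterns can be fed to `grep -P` for quick triage in a shell (the Linux tools in 2.2); the word boundary around the IP pattern matters, because without it the pattern also matches inside longer numeric tokens.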

Domain 3: Active Asset and Network Analysis (weight 28%)

3.1 Given a scenario, use Windows tools to analyze incidents

    * Registry
        o REGEDIT
            + Keys, hives, values, value types
            + HKLM, HKCU
        o REGDUMP
        o AUTORUNS

    * Network
        o Wireshark
        o fport
        o netstat
        o ipconfig
        o nmap
        o tracert
        o net
        o nbtstat

    * File system
        o dir
        o pe explorer
        o disk utilization tool

    * Processes
        o TLIST
        o PROCMON
        o Process explorer

    * Services
        o Services.msc
        o Msconfig
        o Net start
        o Task scheduler

    * Volatile memory analysis
    * Active Directory tools
 
3.2 Given a scenario, use Linux-based tools to analyze incidents
    
    * Network
        o nmap
        o netstat
        o wireshark
        o tcpdump
        o traceroute
        o arp
        o ifconfig

    * File system
        o lsof
        o iperf
        o dd
        o disk utilization tool

    * Processes
        o htop
        o top
        o ps

    * Volatile memory
        o free

    * Session management
        o w, who
        o rwho
        o lastlog
 
3.3 Summarize methods and tools used for malware analysis

    * Methods
        o Sandboxing
            + Virtualization
        o Threat intelligence websites
            + Crowd source signature detection
            + VirusTotal

    * Reverse engineering tools
        o IDA
        o OllyDbg

    * General tools
        o strings
        o Antivirus
        o Malware scanners
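
A first static pass on an unknown binary, before any sandbox run, is string extraction plus a hash to pivot into threat-intelligence lookups (the `strings`, VirusTotal and crowd-sourced signature items in 3.3). The Python example below is added to show that workflow; it is not from the blueprint or the Study4Exam material. The input is a constructed byte blob standing in for a suspicious executable, not a real sample, and the API-name list and shell-command pattern are assumptions an analyst would extend.

```python
"""strings-style extraction and indicator tagging for a binary (added example, constructed blob)."""
import hashlib
import re

# Constructed stand-in for a suspicious binary: a DOS magic, padding, three Win32
# API names, an ASCII URL, a UTF-16LE command string and a too-short fragment.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
    + b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"\x01\x02\x03\x04"
    + b"http://203.0.113.45/update.bin\x00\x00\x00"
    + "cmd.exe /c whoami".encode("utf-16-le") + b"\x00\x00"
    + b"ab\x00"  # shorter than min_len, must be ignored
)

URL_RE = re.compile(r"https?://[^\s\"']+")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
SHELL_RE = re.compile(r"(?i)\b(?:cmd\.exe|powershell|wscript|rundll32)\b")
# Assumed watch-list: imports commonly seen together in process-injection code.
INJECTION_APIS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                  "NtUnmapViewOfSection", "QueueUserAPC", "SetThreadContext"}


def extract_strings(data, min_len=4):
    """Like `strings -a -el`: printable ASCII runs and UTF-16LE runs of >= min_len chars."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    return sorted(found)  # (offset, encoding, text), in file order


def flag_indicators(strings):
    """Tag extracted strings with the indicator type an analyst would pivot on."""
    hits = []
    for _, _, s in strings:
        if s in INJECTION_APIS:
            hits.append(("api", s))
        for url in URL_RE.findall(s):
            hits.append(("url", url))
        if not URL_RE.search(s):  # avoid double-reporting the host of a URL
            for ip in IP_RE.findall(s):
                hits.append(("ip", ip))
        if SHELL_RE.search(s):
            hits.append(("command", s))
    return hits


def analyze(data):
    strings = extract_strings(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # lookup key for VirusTotal and similar
        "strings": strings,
        "indicators": flag_indicators(strings),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_BLOB)
    print("sha256:", result["sha256"])
    for kind, value in result["indicators"]:
        print(f"{kind:8s} {value}")
```

Extracting UTF-16LE runs matters on Windows binaries, where `strings` without `-el` misses wide strings entirely. The hash is the pivot for VirusTotal lookups; check policy before uploading a sample that may contain customer data, since a hash lookup discloses nothing but an upload does.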

3.4 Given a scenario, analyze common indicators of potential compromise

    * Unauthorized programs in startup menu
    * Malicious software
        o Presence of attack tools
    * Registry entries
    * Excessive bandwidth usage
    * Off hours usage
    * New administrator/user accounts
    * Guest account usage
    * Unknown open ports
    * Unknown use of protocols
    * Service disruption
    * Website defacement
    * Unauthorized changes/modifications
        o Suspicious files
    * Recipient of suspicious emails
    * Unauthorized sessions
    * Failed logins
    * Rogue hardware
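
Most of the indicators in 3.4 reduce to a diff between a known-good baseline and a current snapshot of the host, plus a time check on logins. The Python example below is an added illustration, not from the blueprint or Study4Exam; the baseline, snapshot and login timestamps are constructed data, and the 08:00 to 18:00 weekday business-hours window is an assumption to replace with the organization's own.

```python
"""Baseline-vs-snapshot indicator check for one host (added example, constructed data)."""
from datetime import datetime, time

# Constructed baseline recorded when the host was built.
BASELINE = {
    "listening_ports": {22, 80, 443},
    "admin_users": {"Administrator", "itops"},
    "startup_entries": {
        "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    },
}

# Constructed later snapshot of the same host, with a few planted anomalies.
SNAPSHOT = {
    "listening_ports": {22, 80, 443, 4444},
    "admin_users": {"Administrator", "itops", "support$"},
    "startup_entries": {
        "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        "Updater": r"C:\Users\Public\svchost.exe",
    },
    "logins": [
        ("alice", datetime(2021, 3, 3, 9, 5)),      # Wednesday, business hours
        ("support$", datetime(2021, 3, 3, 2, 17)),  # Wednesday, 02:17
        ("Guest", datetime(2021, 3, 3, 14, 0)),
    ],
}

# Assumed business-hours window; weekends count as off-hours.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)


def is_off_hours(ts):
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def find_indicators(baseline, snapshot):
    """Return (indicator, detail) pairs for everything in the snapshot that the baseline does not explain."""
    findings = []
    for port in sorted(snapshot["listening_ports"] - baseline["listening_ports"]):
        findings.append(("unknown_open_port", str(port)))
    for user in sorted(snapshot["admin_users"] - baseline["admin_users"]):
        findings.append(("new_admin_account", user))
    # A changed path for a known entry is as suspicious as a new entry.
    for name, path in sorted(snapshot["startup_entries"].items()):
        if baseline["startup_entries"].get(name) != path:
            findings.append(("unauthorized_startup_entry", f"{name} -> {path}"))
    for user, ts in snapshot.get("logins", []):
        if user.lower() == "guest":
            findings.append(("guest_account_usage", ts.isoformat()))
        if is_off_hours(ts):
            findings.append(("off_hours_login", f"{user} at {ts.isoformat()}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in find_indicators(BASELINE, SNAPSHOT):
        print(f"{indicator:28s} {detail}")
```

In practice the snapshot is built from `netstat -ano`, `net localgroup administrators` and Autoruns output (the Windows tools in 3.1), or from `ss`, `/etc/group` and cron or systemd unit listings on Linux; the comparison logic stays the same. Keep the baseline somewhere the host cannot modify, or an attacker who lands there simply updates it.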

Domain 4: Incident Response Lifecycle (weight 20%)

4.1 Explain the importance of best practices in preparation for incident response

    * Preparation and planning
        o Up-to-date contact lists
        o Up-to-date toolkit

    * Ongoing training
        o Incident responder
        o Incident response team
        o Management
        o Tabletop (theoretical) exercises
    
    * Communication methods
        o Secure channels
        o Out of band communications
    
    * Organizational documentation
        o Policies  
        o Procedures
        o Incident response plan

    * Escalation procedures
        o Chain of command

    * Industry standards for incident response
 
4.2 Given a scenario, execute incident response process
    
    * Preparation
    * Identification
        o Detection/analysis
        o Collection
    * Containment
    * Eradication
    * Recovery
    * Post incident
        o Lessons learned
        o Root cause analysis
        o Reporting & documentation
 
4.3 Explain the importance of concepts that are unique to forensic analysis

    * Authorization to collect information
    * Legal defensibility
        o Chain of custody
        o Legally compliant tools
            + EnCase
            + FTK
            + Forensics explorer
    * Confidentiality
    * Evidence preservation and evidence security
        o Digital
            + Imaging
            + Hashing
        o Physical
            + Secure rooms and facilities
            + Evidence bags
            + Lock boxes
    * Law enforcement involvement
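
Imaging and hashing (the Digital items under evidence preservation in 4.3) are what make an image defensible: a hash of the source taken before acquisition must match the hash of the image afterwards, and every later verification must still match the value in the custody record. The Python example below is added to show that sequence end to end; it is not from the blueprint or Study4Exam. The "device" is a constructed 200 KiB file in a temporary directory, and the evidence ID, handler name and note are invented.

```python
"""Acquire, hash, record and re-verify a disk image (added example, constructed source file)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 16


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_image(source, image_path):
    """Bit-for-bit copy of `source` to `image_path`; hash the source before and the image after."""
    before = sha256_file(source)
    copied = 0
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            dst.write(chunk)
            copied += len(chunk)
    after = sha256_file(image_path)
    return {"bytes": copied, "source_sha256": before, "image_sha256": after,
            "verified": before == after}


def custody_record(evidence_id, image_path, acquisition, handler, note):
    """One chain-of-custody entry; append these to a log that is itself hashed or signed."""
    return {
        "evidence_id": evidence_id,
        "image": os.path.basename(image_path),
        "hash_algorithm": "sha256",
        "sha256": acquisition["image_sha256"],
        "bytes": acquisition["bytes"],
        "verified_against_source": acquisition["verified"],
        "handler": handler,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "note": note,
    }


def verify_image(image_path, expected_sha256):
    """Re-hash the image and compare with the value in the custody record."""
    return sha256_file(image_path) == expected_sha256


def demo():
    """Constructed scenario: image a fake device, record custody, then detect tampering."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "usb_stick.raw")       # stands in for /dev/sdX
    image = os.path.join(workdir, "EV-0001.dd")
    with open(source, "wb") as f:
        f.write(bytes(range(256)) * 800)                   # 204800 deterministic bytes
    acq = acquire_image(source, image)
    record = custody_record("EV-0001", image, acq, "analyst1", "imaged in lab")
    still_good = verify_image(image, record["sha256"])
    with open(image, "r+b") as f:                          # simulate post-acquisition tampering
        f.seek(1024)
        f.write(b"X")
    tampered_detected = not verify_image(image, record["sha256"])
    return record, still_good, tampered_detected


if __name__ == "__main__":
    record, ok, tampered = demo()
    print(json.dumps(record, indent=2))
    print("verified after acquisition:", ok, "| tampering detected:", tampered)
```

Real acquisitions read the block device through a hardware write blocker and use a purpose-built tool (`dd` with `conv=noerror,sync`, `dc3dd`, or the commercial tools listed above); the point of the example is the verification discipline, not the copy loop. Record the hash algorithm alongside the value, and consider recording MD5 or SHA-1 as well where a counterpart tool or court expects them.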
 
4.4 Explain general mitigation methods and devices

    * Methods
        o System hardening
            + Deactivate unnecessary services
            + Patching
        o Updating internal security devices
            + Report malware signatures
            + Custom signatures
        o Block external sources of malware
        o DNS filtering
        o Blackhole routing
        o System and application isolation
        o Mobile device management
        o Application whitelist

    * Devices
        o Firewall
        o WAF
        o Switch
        o Routers
        o Proxy
        o Virtual Machine
        o Mobile
        o Desktop
        o Server

Updates in the Logical Operations CFR-210 Exam Syllabus:

Logical Operations CFR-210 exam questions and the practice test are the best way to get fully prepared. Study4Exam's trusted preparation material consists of both practice questions and a practice test. To pass the actual Certified CyberSec First Responder CFR-210 exam on the first attempt, you need to work hard on these Logical Operations CFR-210 questions, which provide updated information about the entire exam syllabus. Besides studying the actual questions, you should take the Logical Operations CFR-210 practice test for self-assessment and actual exam simulation. Revise actual exam questions and correct your mistakes with the Certified CyberSec First Responder CFR-210 exam practice test. Online and Windows-based formats of the CFR-210 exam practice test are available for self-assessment.