Logical Operations CFR 210
Q: 1
A security analyst would like to parse through several SQL logs for indicators of compromise. The
analyst is aware that none of the fields should contain a string of text longer than 30 characters;
however, the analyst is unaware if there are any implemented controls to prevent such an overflow.
Which of the following BEST describes the regular expression the analyst should use to find any
alphanumeric character string?
Options
Q: 2
During review of a company’s web server logs, the following items are discovered:
2015-03-01 03:32:11 www.example.com/index.asp?id=-999 or 1=convert(int,@@version)--
2015-03-01 03:35:33 www.example.com/index.asp?id=-999 or 1=convert(int,db_name())--
2015-03-01 03:38:25 www.example.com/index.asp?id=-999 or 1=convert(int,user_name())--
Which of the following is depicted in the log example above?
Options
Q: 3
Which of the following describes pivoting?
Options
Q: 4
An attack was performed on a company’s web server, disabling the company’s website. The incident
response team’s investigation produced the following:
1. Presence of malicious code installed on employees’ workstations.
2. Excessive UDP datagrams sent to a single address.
3. Web server received excessive UDP datagrams from multiple internal hosts.
4. Network experienced high traffic after 3:00 pm.
5. Employee workstations sent large traffic bursts when employees accessed the internal timecard
application.
Which of the following BEST describes the attack tool used to perform the attack?
Options
Q: 5
Which of the following could an attacker use to perpetrate a social engineering attack? (Choose two.)
Options
Q: 6
A hacker’s end goal is to target the Chief Financial Officer (CFO) of a bank. Which of the following
describes this social engineering tactic?
Options
Q: 7
A Windows system user reports seeing a command prompt window pop up briefly during each login.
In which of the following locations would an incident responder check to explain this activity?
Options
Q: 8
A computer attacker has compromised a system by implanting a script that will send 10B packages
over port 150. This port is also used for sending heartbeat messages to a central monitoring server.
Which of the following BEST describes the tactic used to execute this attack?
Options
Q: 9
An alert has been triggered identifying a new application running on a Windows server. Which of the
following tools can be used to identify the application? (Choose two.)
Options
Q: 10
When investigating a wireless attack, which of the following can be obtained from the DHCP server?
Options