Login Signup

info@zetlantechnologies.com +91-8680961847

/ CertNexus Certification / First Responder Certification

Cybersec First Responder

CyberSec First Responder® (CFR) is a comprehensive, in-demand certification designed to validate the knowledge and skills required to protect these critical information systems before, during, and after an incident.

Cybersec First Responder

CyberSec First Responder® (CFR) is a comprehensive, in-demand certification designed to validate the knowledge and skills required to protect these critical information systems before, during, and after an incident.

Cybersecurity Jobs

System Administrator
Network Administrator
Help Desk Technician
Information System Technician
Incident Responder
Incident Response Analyst
Cyber Crime Investigator
IT Auditor
Information Security and IT Auditor
Systems Analyst
Network Analyst
Incident Analyst
Security Analyst
Network Security Engineer
Information Assurance Analyst
Network Defense Technician
Network Administrator
Information Systems Security Engineer

CFR Exam Details

This exam will certify that the candidate can identify, assess, respond to, and protect against security threats and operate a system and network security analysis platform.

The CFR exam is accredited under the ISO/IEC 17024:2012 standard and is approved by the U.S. Department of Defense (DoD) to fulfill Directive 8570/8140 requirements.

TARGET CANDIDATE

Individuals with between 3 and 5 years of experience working in a computing environment as part of a CERT/CSIRT/SOC who protect critical information systems before, during, and after an incident.

EXAM CODES

CFR-410*

LAUNCH DATE

March 2022

SUNSET DATE

TBD

EXAM DURATION

120 minutes (including 5 minutes for Candidate Agreement and 5 minutes for Pearson VUE tutorial)

PASSING SCORE

70% or 73% depending on exam form. (Note: Forms have been statistically equated.)

NUMBER OF ITEMS

80

ITEM FORMATS

Multiple Choice/Multiple Response

EXAM OPTIONS

In person at Pearson VUE test centers or online via Pearson OnVUE online proctoring

Why Get CyberSec First Responder Certified

CyberSec First Responder (CFR) has emerged as the industry standard for those desiring to confirm their abilities to prepare for, defend against, and respond to cybersecurity incident in an ever-evolving threat landscape.

PROVE YOUR SKILLS

Validate a foundational knowledge of security concepts, common threats, protective steps, and effective responses to security events.

LEAD KNOWLEDGEABLE SECURITY EXPERTS

Verify that applicants and team members have the requisite skills and ability to continuously and consistently identify, assess, and minimize risks and vulnerabilities, while effectively communicating recommended remediation steps with your team and leadership.

Cybersecurity Training

To respond effectively to cybersecurity threats and attacks, you require hands-on practice. CertNexus CFR training discusses key security concepts and actions while providing ample opportunities to practice the required skills of a cybersecurity professional.

Course Details

1. Identify Assets

Asset identification tools

Active
Passive

Tools

Nessus
Nmap
Network monitoring tools

Operating system information

macOS
Windows
Linux/Unix
Android
iOS

Determine which tools to use for each part of the network
Network topology and architecture information
Data flow
Vulnerable ports
SPAN ports and TAP devices for live packet capture

2. Identify Factors that Affect the Tasking

Identify relevant policies and procedures
Collect artifacts and evidence based on volatility level
Review service level agreements (SLAs)
Network scanning
Assets and underlying risks
Data collection
Data analytics and e-discovery
Monitor threats and vulnerabilities

CVSS
CVE
CWE
CAPEC

Threat modeling
Identify TTPs

3. Identify and evaluate vulnerabilities and threat actors.

Vulnerability scanning tools
Threat targets

Individuals
Non-profit associations
Corporations
Governments
Critical Infrastructure
Systems

Mobile
IoT
SCADA
ICS
PLC
Threat actors
Threat motives/reasons
Threat Intent
Attack Phases
Attack Vectors
Technique Criteria

4. Identify Applicable Compliance

Privacy laws, standards, and regulations

GDPR
HIPAA
COPPA
GLBA
CAN-SPAM
National privacy laws

Frameworks

NIST Privacy Framework
ISO/IEC 27000 series
ISO 29100
AICPA Generally Accepted Privacy Principles (GAPP)

Best practices

Federal Trade Commission

5. Identify Applicable Standards

Security laws, standards, and regulations

ISO/IEC 27000 series
ANSI/ISA-62443
NIST Special Publication 800 Series
Standard of Good Practice from ISF
NERC 1300
RFC 2196
PCI DSS
SSAE 18

Frameworks

NIST Cybersecurity Framework
CIS Critical Security Controls
COBIT
NIST Special Publication 800-61
DoD Risk Management Framework (RMF)
IT Assurance Framework (ITAF)
OWASP
MITRE
CAPEC
CSA

6. Identify and Conduct Vulnerability

Critical assets and data
Establish scope
Determine vulnerability assessment frequency
Identify common areas of vulnerability
Users
Internal acceptable use policies
Operating systems
Applications

Networking software

Network operations and management
Firewall
Network security applications

Database software

Network devices

Access points
Routers
Wireless routers
Switches
Firewall
Modems
NAT (Network Address Translation)

Network infrastructure

Network configurations
Network services

DSL
Wireless protocols
IP addressing
Configuration files
IoT
Regulatory requirements
Changes to the system
Determine scanning criteria
IoC information
Perform a vulnerability assessment

Determine scanning criteria
Utilize scanning tools
Identify and assess exposures
Generate reports

Conduct post-assessment tasks

Remediate/mitigate vulnerabilities
Recovery planning processes and procedures

Hardening
Patches
Exceptions documented

Conduct audit/validate action was taken

7. Establish Relationships Between Internal Teams

Formal policies that drive these internal and external relationships and engagements
SLAs
Communication policies and procedures
Points of contact and methods of contact
Vendor agreements, NDAs, and vendor assessment questionnaires
Privacy rules and laws
Understanding of relevant law enforcement agencies

8. Analyze and report system security posture trends.

Data analytics
Prioritize the risk observations and formulate remediation steps
Analyze security system logs, tools, and data
Threats and vulnerabilities
Intrusion prevention systems and tools
Security vulnerability databases

CVE
CVSS
OSVDB

Discover vulnerabilities in information systems
Create reports and document evidence

9. Security Policies to meet the System’s Cybersecurity

Cybersecurity policies and procedures

Acceptable use policy
Network access control (NAC)
Disaster recovery and business continuity plans
Remote work policies

Active Directory Group Policy Objects (GPOs)
Best practices in hardening techniques
Threats and vulnerabilities
Security laws, standards, and regulations
Risk management principles
Attack methods and techniques

Footprinting
Scanning
Enumeration
Gaining access
Web attacks
Password attacks
Wireless attacks
Social engineering
Man-in-the-middle
Malware
Out of band

DoS

DDoS
Resource exhaustion
Forced system outage
Packet generators

10. Collaborate across Internal and External Organizational

Organizational structure
Internal teams
Personnel roles and responsibilities
Communication policies and procedures
Knowledge sharing processes
Conflict management
SLAs
Relationships with external stakeholders

Law enforcement
Vendors

11. Employ Approved Defence-in-Depth

Intrusion Prevention or Detection Systems (IDS/IPS)
Firewalls
Network Segmentation
Endpoint Detection and Response (EDR)
Account Management

The Principle of Least Privilege
Separation of duties
Password policy enforcement
Active directory hygiene

Patch management
Mobile Device Management (MDM)

12. Develop and implement cybersecurity independent audit processes

Identify assets
Cybersecurity policies and procedures
Data security policies
Cybersecurity auditing processes and procedures
Audit objectives
Network structure
Compliance standards
Document and communicate results

13. Ensure that Plans of Action are in place for Vulnerabilities

Review assessments, audits, and inspections
Analyze critical issues for action
Develop plans of action
Specify success criteria
Remediation planning
Resource implications
Monitoring procedures

14. Protect organizational resources through security updates.

Cybersecurity policies and procedures
Software updates
Scope
Attributes
Vulnerabilities
Firmware updates
Scope
Attributes
Vulnerabilities
Software patches

15. Protect Identity Management and Access Control

Enterprise resources
Access control
Authentication systems
Remote-access monitoring
Cybersecurity policies and procedures
Identity management
Authorization
Infrastructure/physical security
Physical security controls
User credentials

16. Analyze common indicators of potential compromise

Analyze security system logs, security tools, and data
IP networking/ IP resolving
DoS attacks/ DDoS attacks
Security Vulnerability Databases
Intrusion Detection Systems
Network encryption
SSL decryption
SIEM
Firewalls
DLP
IPS
IDS
Evaluate and interpret metadata
Malware
Network topology
Anomalies

False positives
Superhuman logins/geo-velocity
APT activity
Botnets

Unauthorized programs in the startup menu
Malicious software

Presence of attack tools

Registry entries
Unusual network traffic

Bandwidth usage
Malicious network communication

Off-hours usage
New administrator/user accounts
Guest account usage
Unknown open ports
Unknown use of protocols
Service disruption
Website defacement
Unauthorized changes/modifications

Suspicious files
Patches

Recipient of suspicious emails
Unauthorized sessions
Failed logins
Rogue hardware

17. Perform Analysis of Log Files from Various Sources

Log collection

Agent-based
Agentless
Syslog

Log auditing

Source validation
Verification of log integrity
Evidence collection

Log enrichment

IP address and hostname resolution
Field name consistency
Time zones

Alerts, reports, and event correlation

Threat hunting
Long tail analysis
Intrusion detection
Behavioural monitoring

Log retention

Industry compliance/regulatory requirements

Log aggregator and analytics tools

SIEM

Linux tools

grep
cut
diff

Windows tools

Find
WMIC
Event Viewer

Scripting languages

Bash
PowerShell
Data sources
Network-based
WAP logs
WIPS logs
Controller logs
Packet capture
Traffic log
Flow data
Device state data
SDN
Host-based
Linux syslog
Application logs

Cloud

Audit logs

Threat feeds

18. Provide Timely Detection, Identification, and Alerting

Asset discovery methods and tools
Alerting systems
Intrusion Prevention or Detection Systems (IDS/IPS)
Firewalls
Endpoint Detection and Response (EDR)
Common indicators of potential compromise, anomalies, and patterns
Analysis tools
Document and communicate results
Communication and documentation policies and processes
Security incident reports

Description
Potential impact
Sensitivity of information
Logs

Escalation processes and procedures

Specific technical processes
Techniques
Checklists
Forms

Incident response teams
Levels of Authority
Personnel roles and responsibilities
Document and communicate results
Post exploitation tools and tactics

Command and control
Data exfiltration
Pivoting
Lateral movement
Persistence/maintaining access
Keylogging
Anti-forensics
Covering tracks

Prioritization or severity ratings of incidents
Communication policies and procedures
Levels of Authority
Communicate recommended courses of action and countermeasures
Incident response plans and processes
Communication with internal and external stakeholders
Personnel roles and responsibilities
Incident reporting
Containment Methods

Allowlist/blocklist
IDS/IPS rules configuration
Network segmentation
Web content filtering
Port blocking

Containment Tools

Firewall
IDS/IPS
Web proxy
Anti-malware
Endpoint security solutions

Windows tools to analyze incidents

Registry
Network
File system
Malware
Processes
Services
Volatile memory
Active Directory tools

Linux-based tools to analyze incidents

Network
File system
Malware
Processes
Volatile memory
Session management

Evidence collection, preservation, and security

Digital
Physical

Chain of custody
Forensic investigation

Static analysis
Dynamic analysis

Forensic collection and analysis tools

FTK
EnCase
eDiscovery
Forensic Explorer
Kali Linux Forensic Mode
CAINE
SANS SIFT
Volatility
Binalyze AIR

Forensically sound duplicates
Document and communicate results

19. Correlate Incident Data and Create Reports.

Logs
Data analysis
Intrusion Prevention or Detection Systems (IDS/IPS)
Forensics analysis
Correlation analysis
Event correlation tools and techniques
Root cause analysis
Alerting systems
Incident reports
Document and communicate results
Escalation procedures

Chain of command

Organizational systems and processes

Policies
Procedures
Incident response plan
Security configuration controls
Baseline configurations
Hardening documentation
Document measures implemented

Threat actors

Patterns of activity
Methods

Tactics

Early stages of the campaign
Key facts of the infrastructure
Artifacts and tools used

Techniques

Technological
Non-technological

Procedures
Communication policies and procedures
Internal communication methods

Secure channels
Out-of-band communications

External communication guidelines

Local law enforcement
Stockholders
Breach victims
Media
Other CERTs/CSIRTs
Vendors

Post-incident

Root cause analysis
After Action Report (AAR)
Lessons learned
Reporting and documentation

Analyze incident reports
Execute recovery planning processes and procedures
Document and communicate results
Security requirements of systems
System interoperability and integration
Prevention & mitigation

Actions
Processes
Tools and technologies
Devices
Systems

Safeguards

Security features
Management constraints
Personnel security
Physical structures, areas, and devices

Memory forensics analysis/tools

Volatility

Data sources and disk images
Analysis of digital evidence
Hardware and software tools
File copying techniques

Logical backup
Bit stream imaging

File modification, access, and creation times
Forensic recordkeeping

Automated audit trails
Chain of custody

Forensic investigation
Forensic collection and analysis tools
Recovery planning processes
Contingency planning
Systems and assets
Lessons learned
Review of existing strategies
Implement improvements
Document and communicate reports, lessons learned, and advice for recovery, contingency, and continuity of operations plans

Video Packages
Online Live Class

Fees Structure :	22500 INR / 270 USD
Total No of Class :	182 Video Class
Class Duration :	82:30 Working Hours
Download Feature :	Download Avalable
Technical Support :	Call / Whatsapp : +91 8680961847
Working Hours :	Monday to Firday 9 AM to 6 PM
Payment Mode :	Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)

Brochure Buy Now Sample Demo

Fees Structure :	30500 INR / 365 USD
Class Duration :	60 Days
Class Recording :	Live Class Recording available
Class Time :	Monday to Firday 1.5 hours per day / Weekend 3 Hours per day
Technical Support :	Call / Whatsapp : +91 8680961847
Working Hours :	Monday to Firday 9 AM to 6 PM
Payment Mode :	Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)

Download Brochure Pay Online

Information Technologies

More Info

About Us Contact Us Privacy Policy Terms & Condition Refund Policy FAQs & Help

Account

My Account Course Details Shopping Cart Wishlist Order History Payment Details

Zetlan Technologies, All right reserved.