CyberSec First Responder Exam (CFR-210)

The CyberSec First Responder (CFR-210) exam target audience should have at least 2-5 years of experience working in a networking environment as a first responder. You should have the knowledge and skills required to effectively detect, identify and respond to malicious activities involving data systems. Additionally, you will have the foundational knowledge to deal with a changing threat landscape and will be able to perform root cause analysis, determine scope, accurately report results and recommend remediation actions.

To ensure exam candidates possess the above mentioned knowledge, skills, and abilities, the CFR-210 exam will test them on the following objective domains with the following weightings:

  • Threat Landscape 25%
  • Passive Data-Driven Analysis 27%
  • Active Asset and Network Analysis 28%
  • Incident Response Lifecycle 20%

Exam Specifications

Number of items: 100

Duration: 120 minutes

Exam Options: In person at PearsonVUE testing centers

Item Formats: Multiple Choice/Multiple Response/Drag-and-Drop


Before attempting the exam, It is strongly recommended that you first possess the knowledge, skills and abilities to do the following:

  • Attend CyberSec First Responder (CFR): Threat Detection & Response (CFR)
  • Assess information security risk in computing and network environments
  • Analyze the cybersecurity landscape
  • Analyze reconnaissance threats to computing and network environments
  • Analyze attacks on computing and network environments
  • Analyze post-attack techniques on computing and network environments
  • Evaluate an organization’s security posture within a risk management framework
  • Collect cybersecurity intelligence
  • Analyze data collected from security and event logs
  • Perform active analysis on assets and networks
  • Respond to cybersecurity incidents
  • Investigate cybersecurity incidents

Exams and recommended training