Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
A. Application
B. Users
C. Network infrastructure
D. Configuration files
Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?
A. Generating reports
B. Establishing scope
C. Conducting an audit
D. Assessing exposures
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
A. Blue team exercise
B. Business continuity exercise
C. Tabletop exercise
D. Red team exercise
Which of the following security best practices should a web developer reference when developing a new web-based application?
A. Control Objectives for Information and Related Technology (COBIT)
B. Risk Management Framework (RMF)
C. World Wide Web Consortium (W3C)
D. Open Web Application Security Project (OWASP)
Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
A. Security and evaluating the electronic crime scene.
B. Transporting the evidence to the forensics lab
C. Packaging the electronic device
D. Conducting preliminary interviews
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
A. Conducting post-assessment tasks
B. Determining scope
C. Identifying critical assets
D. Performing a vulnerability scan
Which of the following are well-known methods that are used to protect evidence during the forensics process? (Choose three.)
A. Evidence bags
B. Lock box
C. Caution tape
D. Security envelope
E. Secure rooms
F. Faraday boxes
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
-Running antivirus scans on the affected user machines
-
Checking department membership of affected users
-
Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
-
Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?
A. Identification
B. Preparation
C. Recovery
D. Containment
A company that maintains a public city infrastructure was breached and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would be PRIMARY focus of the incident response team?
A. Restore service and eliminate the business impact.
B. Determine effective policy changes.
C. Inform the company board about the incident.
D. Contact the city police for official investigation.
Senior management has stated that antivirus software must be installed on all employee workstations. Which of the following does this statement BEST describe?
A. Guideline
B. Procedure
C. Policy
D. Standard
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CertNexus exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CFR-310 exam preparations and CertNexus certification application, do not hesitate to visit our Vcedump.com to find your solutions here.