Exam Details

  • Exam Code: CFR-310
  • Exam Name: CyberSec First Responder
  • Certification: CertNexus Certification
  • Vendor: CertNexus
  • Total Questions: 100 Q&As
  • Last Updated: May 12, 2024

CertNexus CertNexus Certification CFR-310 Questions & Answers

  • Question 31:

    Organizations considered "covered entities" are required to adhere to which compliance requirement?

    A. Health Insurance Portability and Accountability Act of 1996 (HIPAA)

    B. Payment Card Industry Data Security Standard (PCI DSS)

    C. Sarbanes-Oxley Act (SOX)

    D. International Organization for Standardization (ISO) 27001

  • Question 32:

    Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?

    A. There may be duplicate computer names on the network.

    B. The computer name may not be admissible evidence in court.

    C. Domain Name System (DNS) records may have changed since the log was created.

    D. There may be field name duplication when combining log files.

  • Question 33:

    A first responder notices a file with a large amount of clipboard information stored in it. Which part of the MITRE ATT&CK matrix has the responder discovered?

    A. Collection

    B. Discovery

    C. Lateral movement

    D. Exfiltration

  • Question 34:

    Tcpdump is a tool that can be used to detect which of the following indicators of compromise?

    A. Unusual network traffic

    B. Unknown open ports

    C. Poor network performance

    D. Unknown use of protocols

  • Question 35:

    When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?

    A. Browser logs

    B. HTTP logs

    C. System logs

    D. Proxy logs

  • Question 36:

    When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?

    A. DNS cache

    B. ARP cache

    C. CAM table

    D. NAT table

  • Question 37:

    Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are MOST important for log integrity? (Choose two.)

    A. Hash value

    B. Time stamp

    C. Log type

    D. Modified date/time

    E. Log path

  • Question 38:

    A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST likely used by the analyst for the initial discovery?

    A. syslog

    B. MSConfig

    C. Event Viewer

    D. Process Monitor

  • Question 39:

    A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of "armageddon.exe" along with a request to audit all department workstations for its presence.

    In the absence of GUI-based tools, what command could the administrator execute to complete this task?

    A. ps -ef | grep armageddon

    B. top | grep armageddon

    C. wmic process list brief | find "armageddon.exe"

    D. wmic startup list full | find "armageddon.exe"

  • Question 40:

    During a log review, an incident responder is attempting to process the proxy server's log files but finds that they are too large to be opened by any file viewer. Which of the following is the MOST appropriate technique to open and analyze these log files?

    A. Hex editor, searching

    B. tcpdump, indexing

    C. PE Explorer, indexing

    D. Notepad, searching
