A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
-Running antivirus scans on the affected user machines
-Checking department membership of affected users
-Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
-Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process matches the actions taken?
A. Identification
B. Preparation
C. Recovery
D. Containment
According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
A. 3 months
B. 6 months
C. 1 year
D. 5 years
Senior management has stated that antivirus software must be installed on all employee workstations. Which of the following does this statement BEST describe?
A. Guideline
B. Procedure
C. Policy
D. Standard
Which of the following enables security personnel to have the BEST security incident recovery practices?
A. Crisis communication plan
B. Disaster recovery plan
C. Occupant emergency plan
D. Incident response plan
The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)
A. Providing a briefing to management
B. Updating policies and procedures
C. Training staff for future incidents
D. Investigating responsible staff
E. Drafting a recovery plan for the incident
Detailed step-by-step instructions to follow during a security incident are considered:
A. Policies
B. Guidelines
C. Procedures
D. Standards
An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
A. Make an incident response plan.
B. Prepare incident response tools.
C. Isolate devices from the network.
D. Capture network traffic for analysis.
During an incident, the following actions have been taken:
-Executing the malware in a sandbox environment
-Reverse engineering the malware
-Conducting a behavior analysis
Based on the steps presented, which of the following incident handling processes has been taken?
A. Containment
B. Eradication
C. Recovery
D. Identification
An incident at a government agency has occurred and the following actions were taken:
-Users have regained access to email accounts
-Temporary VPN services have been removed
-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
-Temporary email servers have been decommissioned
Which of the following phases of the incident response process matches the actions taken?
A. Containment
B. Post-incident
C. Recovery
D. Identification
Organizations considered "covered entities" are required to adhere to which compliance requirement?
A. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
B. Payment Card Industry Data Security Standard (PCI DSS)
C. Sarbanes-Oxley Act (SOX)
D. International Organization for Standardization (ISO) 27001