Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
A. Application
B. Users
C. Network infrastructure
D. Configuration files
Answer: A
Reference: https://blog.qualys.com/securitylabs/2016/01/07/open-redirection-a-simple-vulnerability-threatens-your-web-applications
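The answer is the application because an open redirect exists only when application code forwards the user to a client-supplied location without checking it. The following is an added example (not part of the original page or the referenced article) showing the vulnerable pattern beside an allowlist check. The host names (shop.example, evil.example) and the ALLOWED_HOSTS set are assumptions for the example; the check deliberately rejects the parser-ambiguous inputs that browsers will still follow, such as scheme-relative "//host", backslash variants, userinfo tricks and non-http schemes.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Hypothetical allowlist for this example: hosts the application may send users to.
ALLOWED_HOSTS = frozenset({"shop.example", "account.shop.example"})
DEFAULT_TARGET = "/"


def redirect_target_vulnerable(next_param: str) -> str:
    """The open-redirect pattern: whatever the client sent is used verbatim."""
    return next_param or DEFAULT_TARGET


def is_safe_redirect_target(target: str, allowed_hosts: frozenset[str] = ALLOWED_HOSTS) -> bool:
    """Accept only a local path ("/orders") or an http(s) URL whose host is allowlisted.

    Rejects every case that is ambiguous to a parser but followed by a browser:
    scheme-relative "//evil", backslash "/\\evil", userinfo "https://good@evil",
    scheme-only "http:evil" and "https:///evil", and non-http schemes.
    """
    if not target:
        return False
    # Browsers strip ASCII tab/newline inside URLs and treat "\" as "/" in the
    # authority part; normalize the same way before parsing.
    cleaned = "".join(ch for ch in target.strip() if ch not in "\t\r\n").replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # e.g. malformed IPv6 brackets: refuse rather than guess
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require exactly one leading slash (no "//").
        return cleaned.startswith("/") and not cleaned.startswith("//")
    if parts.scheme not in ("", "http", "https"):
        return False  # javascript:, data:, file:, ...
    if parts.scheme and not parts.netloc:
        return False  # "http:evil.example", "https:///evil.example"
    host = (parts.hostname or "").lower()  # .hostname drops userinfo and port
    return host in allowed_hosts


def redirect_target_hardened(next_param: str) -> str:
    """Use the client-supplied target only if it passes the allowlist check."""
    return next_param if is_safe_redirect_target(next_param) else DEFAULT_TARGET
```

Relative targets without a leading slash are rejected on purpose; if the application needs them, resolve them against the site origin first and then apply the same host check.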
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
A. Conducting post-assessment tasks
B. Determining scope
C. Identifying critical assets
D. Performing a vulnerability scan
Answer: C
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
A. There may be duplicate computer names on the network.
B. The computer name may not be admissible evidence in court.
C. Domain Name System (DNS) records...
Which of the following technologies would reduce the risk of a successful SQL injection attack?
A. Reverse proxy
B. Web application firewall
C. Stateful firewall
D. Web content filtering
Answer: B
Reference: http://www.enterprisenetworkingplanet.com/netsecur/article.php/3866756/10-Ways-to-Prevent-or-Mitigate-SQL-Injection-Attacks.htm
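Of the four options only a web application firewall inspects request parameters at the HTTP layer, which is why it is the one that reduces SQL injection risk; the fix itself lives in the application. The following added example (not from the page or the referenced article) shows the injectable query, the parameterized query that removes the flaw, and a crude signature filter of the kind a WAF applies, to make the point that a WAF reduces rather than eliminates the risk. The table, rows and the "hash-of-..." strings are constructed; real systems store salted password hashes.

```python
from __future__ import annotations

import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows (plain strings stand in for hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> str | None:
    # Deliberately vulnerable: input is spliced into the SQL text, so a quote in
    # `username` closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password_hash = '" + password_hash + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> str | None:
    # Parameterized query: values travel separately from the statement text, so
    # no input can change the statement's structure.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] if row else None


def waf_like_filter(value: str) -> bool:
    """Signature check in the spirit of a WAF rule. It blocks the textbook payload
    below, but encoding and syntax variants routinely evade such signatures, which
    is why the question says 'reduce' and not 'prevent'."""
    lowered = value.lower()
    return any(sig in lowered for sig in ("'", "--", "/*", " or ", "union "))


def demo() -> dict:
    conn = make_demo_db()
    payload = "alice' --"  # closes the literal; "--" comments out the password check
    return {
        "vulnerable": login_vulnerable(conn, payload, "wrong"),
        "parameterized": login_parameterized(conn, payload, "wrong"),
        "legit": login_parameterized(conn, "alice", "hash-of-alice-pw"),
        "waf_blocks_payload": waf_like_filter(payload),
    }
```

With the payload, the vulnerable query runs as `... WHERE username = 'alice' --' AND password_hash = 'wrong'` and logs in as alice with no password; the parameterized version looks for a user literally named `alice' --` and returns nothing.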
An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?
A. Password sniffing
B. Brute force attack
C. Rainbow tables
D. Dictionary attack
Answer: C
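What distinguishes rainbow tables from the other options is that the hashes are computed before the attack and reused against every captured hash, which only works when the stored hash is unsalted. The following added example (not from the page) builds a precomputed lookup table over a constructed wordlist, cracks an unsalted SHA-1 with it, and then shows why a per-user salt plus a slow KDF defeats it. A true rainbow table stores hash/reduce chains to save space rather than every digest; this example uses a plain table, which shares the property that matters here (precompute once, look up cheaply).

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed wordlist standing in for the dictionary a precomputed table is built from.
WORDLIST = ["password", "letmein", "qwerty", "123456", "summer2016", "hunter2"]


def unsalted_hash(password: str, algo: str = "sha1") -> str:
    """Hash as stored by a system that does not salt: same password, same digest everywhere."""
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


def build_lookup_table(words: list[str], algo: str = "sha1") -> dict[str, str]:
    """digest -> plaintext, computed once and reusable against every captured hash."""
    return {unsalted_hash(word, algo): word for word in words}


def crack_with_table(target_digest: str, table: dict[str, str]) -> str | None:
    """The attack in the question: compare a captured hash against precomputed ones."""
    return table.get(target_digest.lower())


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Defence: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256 here).
    The salt makes every stored digest unique, so a table built in advance does not
    apply, and the iteration count makes building a table per salt expensive."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def new_salted_record(password: str) -> str:
    """What a registration path stores: a fresh 16-byte random salt per user."""
    return salted_hash(password, os.urandom(16))


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _, iterations, salt_hex, _ = stored.split("$")
    candidate = salted_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, stored)
```

The same password produces a different record every time it is stored, so a captured salted digest is never found in a table built ahead of time; the attacker is pushed back to per-target guessing, which the iteration count slows down.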
During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?
A. Internet Relay Chat (IRC)
B. Dnscat2
C. Custom channel...
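The tell in the question is many queries for one domain whose host-name labels are hex-encoded data: that is what a DNS-tunnelling channel looks like in resolver logs (hex labels under a single controlled domain are dnscat2's default encoding). The following added example (not from the page) runs that detection logic over a constructed query-log excerpt. The log layout "<client> query: <qname> IN <qtype>", the client addresses, the domains and the threshold of three distinct hex subdomains are all assumptions for the example; taking the base domain as the last two labels is a simplification that ignores public-suffix rules.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed query-log excerpt (not a real resolver's format).
# 10.0.0.7 is the infected host in this scenario; 10.0.0.9 is benign.
SAMPLE_LOG = """\
10.0.0.7 query: 48656c6c6f.c2.example IN TXT
10.0.0.7 query: 776f726c64.c2.example IN TXT
10.0.0.7 query: 2e776f726c64.c2.example IN TXT
10.0.0.7 query: ffee00.c2.example IN TXT
10.0.0.7 query: www.example.org IN A
10.0.0.9 query: mail.example.org IN MX
10.0.0.9 query: cdn.example.org IN A
10.0.0.9 query: deadbeef.example.org IN A
"""

LINE_RE = re.compile(r"^(?P<client>\S+) query: (?P<qname>\S+) IN (?P<qtype>\S+)$")
HEX_LABEL_RE = re.compile(r"^[0-9a-f]{6,}$")  # 6+ hex chars; short words like "cafe" are ignored


def is_hex_label(label: str) -> bool:
    return bool(HEX_LABEL_RE.match(label.lower()))


def split_qname(qname: str) -> tuple[str | None, str]:
    """Return (subdomain, base_domain); base = last two labels (simplification)."""
    labels = qname.rstrip(".").split(".")
    if len(labels) < 3:
        return None, ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def hex_subdomains_by_client(log_text: str) -> dict[tuple[str, str], set[str]]:
    """Per (client, base domain), the distinct subdomains made only of hex labels."""
    seen: dict[tuple[str, str], set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sub, base = split_qname(m["qname"])
        if sub is None:
            continue
        if all(is_hex_label(label) for label in sub.split(".")):
            seen[(m["client"], base)].add(sub)
    return dict(seen)


def flag_dns_tunnels(log_text: str, min_distinct: int = 3) -> list[tuple[str, str]]:
    """Flag a client/domain pair once it has resolved `min_distinct` different
    hex-encoded subdomains: one such name is noise, a stream of them is a channel."""
    seen = hex_subdomains_by_client(log_text)
    return sorted(key for key, subs in seen.items() if len(subs) >= min_distinct)
```

Counting distinct subdomains rather than raw queries is what separates a tunnel from a host that simply retries one hex-looking CDN name; in production the same rule would also weight TXT and NULL query types and the rate of new names per minute.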
A common formula used to calculate risk is: ____ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
A. Exploits
B. Security
C. Asset
D. Probability
Answer: C
Reference: https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk-commonly-mixed-up-terms/
According to company policy, all accounts with administrator privileges should have the suffix _ja. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the Administrators group. Which of the following actions should the security administrator take?
A. Review the system log on the affected workstation....
According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
A. 3 months
B. 6 months
C. 1 year
D. 5 years
Answer: C
Reference: https://www.pcisecuritystandards.org/documents/Prioritized-Approach-for-PCI_DSS-v3_2.pdf
An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?
A. Data loss prevention (DLP)
B. Firewall
C. Web proxy
D. File integrity monitoring
Answer: ...
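Of the options, only data loss prevention inspects the content of outbound messages, which is what stops a roster of Social Security numbers from leaving. The following added example (not from the page) is the content-inspection rule such a control applies: an SSN matcher that enforces the structural rules the SSA publishes (area 001-899 excluding 666, group 01-99, serial 0001-9999), a redact action, and the block/allow decision for an outbound message. The message text is constructed; the two numbers that pass the check, 078-05-1120 and 219-09-9999, are ones the SSA has publicly stated will never be issued. Only the dashed form is matched here; a production rule would also cover 9-digit runs with a higher false-positive cost.

```python
import re

# SSA structural rules: area 001-899 excluding 666, group 01-99, serial 0001-9999.
# The lookarounds stop a match from starting or ending inside a longer digit run.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")

# Constructed message modelled on the incident in the question.
SAMPLE_EMAIL = """\
To: all-staff@corp.example
Subject: Q3 roster

Name          SSN
A. Example    078-05-1120
B. Example    219-09-9999
Ticket        000-12-3456   (invalid area, ignored)
Order         1234-56-7890  (part of a longer digit run, ignored)
"""


def find_ssns(text: str) -> list:
    """All structurally valid dashed SSNs in the text, in order of appearance."""
    return SSN_RE.findall(text)


def redact_ssns(text: str) -> str:
    """Mask all but the last four digits, the usual DLP 'redact and deliver' action."""
    return SSN_RE.sub(lambda m: "***-**-" + m.group(0)[-4:], text)


def outbound_policy(body: str, recipient_count: int, max_ssns: int = 0) -> dict:
    """The decision a DLP policy makes on an outbound message: block if it carries
    more SSNs than the policy allows, and record what was found for the incident."""
    hits = find_ssns(body)
    blocked = len(hits) > max_ssns
    return {
        "action": "block" if blocked else "allow",
        "ssn_count": len(hits),
        "recipient_count": recipient_count,
        "redacted_body": redact_ssns(body) if blocked else body,
    }
```

A threshold of zero SSNs for a message to a distribution list is the setting that would have caught the incident in the question; HR workflows that legitimately carry a single SSN to one named recipient are usually handled with a separate rule keyed on recipient count.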