Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CertNexus CFR-410 Exam - Topic 3 Question 1 Discussion

A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:- Running antivirus scans on the affected user machines- Checking department membership of affected users- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts- Checking network monitoring tools for anomalous activitiesWhich of the following phases of the incident response process match the actions taken?
A) Identification
B) Preparation
C) Recovery
D) Containment

CertNexus CFR-410 Exam - Topic 3 Question 1 Discussion

Actual exam question for CertNexus's CFR-410 exam
Question #: 1
Topic #: 3
[All CFR-410 Questions]

A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:

- Running antivirus scans on the affected user machines

- Checking department membership of affected users

- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts

- Checking network monitoring tools for anomalous activities

Which of the following phases of the incident response process match the actions taken?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Luisa at Oct 17, 2022, 01:53 PM

Limited Time Offer

25%

Off

Get Premium CFR-410 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Leatha
7 months ago
I thought they’d be in Containment, but I guess it’s more about identifying first.
upvoted 0 times
...
Allene
7 months ago
Yup, checking alerts and scans is classic Identification work!
upvoted 0 times
...
Merri
7 months ago
Wait, are they really just checking for viruses? Seems too simple.
upvoted 0 times
...
Darrin
8 months ago
Definitely, those actions are all about figuring out what's wrong.
upvoted 0 times
...
Eugene
8 months ago
Sounds like they're in the Identification phase.
upvoted 0 times
...
Belen
8 months ago
I’m torn between Identification and Containment. They’re checking for alerts and anomalies, which feels like they’re trying to contain the issue, but maybe it’s more about figuring out what’s going on first?
upvoted 0 times
...
Melina
8 months ago
I remember a practice question where we had to match actions to incident response phases. This seems similar, and I think it leans towards Identification since they're gathering data on the issue.
upvoted 0 times
...
Dannette
8 months ago
I'm not so sure. It feels like they might also be preparing for a deeper investigation, but I guess that could fall under Identification too.
upvoted 0 times
...
Kenneth
8 months ago
I think the actions taken here are mostly about identifying the problem, right? So maybe it's the Identification phase?
upvoted 0 times
...
Ilona
8 months ago
Okay, I've got this! The VMware SDDC Health Monitoring Solution is focused on monitoring the overall health of the software-defined data center, so the correct answer is likely B. vRealize Network Insight, which is a component of the SDDC.
upvoted 0 times
...
Shannon
8 months ago
Okay, I've got it. Option A and D are the way to go. Setting up Lookup fields on the Account for each tier of relationship and adding relevant fields for Account Contact Relationship to the page layouts should do the trick.
upvoted 0 times
...

Save Cancel