312-39 Demo and Sample
Note: Answers are below each question.
Samples are taken from full version.
Latest 312-39 Exam Questions and Practice Tests 2024 - Killexams.com
312-39 Dumps
312-39 Braindumps
312-39 Real Questions
312-39 Practice Test
312-39 Actual Questions
EC-COUNCIL
312-39
EC-Council Certified SOC Analyst (CSA) certification
https://killexams.com/pass4sure/exam-detail/312-39
Question: 14
In which log collection mechanism, the system or application sends log records either on the local disk or over the network.
rule-based
pull-based
push-based
signature-based
Answer: C Question: 15
Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/wtmp. What Chloe is looking at?
Error log
System boot log
General message and system-related stuff
Login records
Answer: D
Explanation:
Reference: https://stackify.com/linux-logs/
Question: 16
Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?
/etc/ossim/reputation
/etc/ossim/siem/server/reputation/data
/etc/siem/ossim/server/reputation.data
/etc/ossim/server/reputation.data
Answer: D Question: 17
According to the forensics investigation process, what is the next step carried out right after collecting the evidence?
Create a Chain of Custody Document
Send it to the nearby police station
Set a Forensic lab
Call Organizational Disciplinary Team
Answer: A Question: 18
Which of the following command is used to enable logging in iptables?
$ iptables -B INPUT -j LOG
$ iptables -A OUTPUT -j LOG
$ iptables -A INPUT -j LOG
$ iptables -B OUTPUT -j LOG
Answer: C Question: 19
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
show logging | access 210
show logging | forward 210
show logging | include 210
show logging | route 210
Answer: C Question: 20
What does the HTTP status codes 1XX represents?
Informational message
Client error
Success
Redirection
Answer: A
Explanation: Reference:
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#:~:text=1xx%20informational%20response%20C%20the%20request,syntax%20or%20cannot%20be%20fulfilled
Question: 21
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?
threat_note
MagicTree
IntelMQ
Malstrom
Answer: B Question: 22
Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?
Blocking the Attacks
Diverting the Traffic
Degrading the services
Absorbing the Attack
Answer: D Question: 23
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex
/\w*((%27)|(â))((%6F)|o|(%4F))((%72)|r|(%52))/ix.
What does this event log indicate?
SQL Injection Attack
Parameter Tampering Attack
XSS Attack
Directory Traversal Attack
Answer: A
Explanation:
Reference: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=001f5e09-88b4-4a9a- b310-4c20578eecf9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments
Question: 24
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
Complaint to police in a formal way regarding the incident
Turn off the infected machine
Leave it to the network administrators to handle
Call the legal department in the organization and inform about the incident
Answer: B Question: 25
Which of the log storage method arranges event logs in the form of a circular buffer?
FIFO
LIFO
non-wrapping
wrapping
Answer: D
Explanation:
Reference: https://en.wikipedia.org/wiki/Circular_buffer
Question: 26
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major? NOTE: It is mandatory to answer the question before proceeding to the next one.
High
Extreme
Low
Medium
Answer: B Question: 27
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.
What does this event log indicate?
Directory Traversal Attack
XSS Attack
SQL Injection Attack
Parameter Tampering Attack
Answer: D
Explanation:
Reference: https://infosecwriteups.com/what-is-parameter-tampering-5b1beb12c5ba
Question: 28
The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk. What kind of threat intelligence described above?
Tactical Threat Intelligence
Strategic Threat Intelligence
Functional Threat Intelligence
Operational Threat Intelligence
Answer: B
Explanation:
Reference: https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/threat-intelligence/what-is-threat-intelligence/
Question: 29
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100 Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
Denial-of-Service Attack
SQL Injection Attack
Parameter Tampering Attack
Session Fixation Attack
Answer: C Question: 30
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?
Cloud, MSSP Managed
Self-hosted, Jointly Managed
Self-hosted, MSSP Managed
Self-hosted, Self-Managed
Answer: C Question: 31
Which of the following process refers to the discarding of the packets at the routing level without informing the source that the data did not reach its intended recipient?
Load Balancing
Rate Limiting
Black Hole Filtering
Drop Requests
Answer: C
Explanation:
Reference: https://en.wikipedia.org/wiki/Black_hole_(networking)#:~:text=In%20networking%2C%20black% 20holes%20refer,not%20reach%20its%20intended%20recipient.
Question: 32
Which of the following steps of incident handling and response process focus on limiting the scope and extent of an incident?
Containment
Data Collection
Eradication
Identification
Answer: A Question: 33
Which of the following tool is used to recover from web application incident?
CrowdStrike FalconTM Orchestrator
Symantec Secure Web Gateway
Smoothwall SWG
Proxy Workbench
Answer: A Question: 34
Which of the following fields in Windows logs defines the type of event occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?
Keywords
Task Category
Level
Source
Answer: A Question: 35
Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?
$ tailf /var/log/sys/kern.log
$ tailf /var/log/kern.log
# tailf /var/log/messages
# tailf /var/log/sys/messages
Answer: B
Explanation:
Reference: https://tecadmin.net/enable-logging-in-iptables-on-linux/
6$03/( 48(67,216
7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV
.LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP
$FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP
([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP
3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV
*XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV
8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV
7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\
'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU
.LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG
View Practice Questions »