[Jan-2022] 312-39 Exam Dumps Pass with Updated 2022 Certified SOC Analyst (CSA) [Q59-Q83]


Free 312-39 Exam Dumps to Pass Exam Easily


Exam Info

The EC-Council 312-39 exam contains 100 questions, and candidates have 3 hours to complete it. The exam consists of multiple-choice questions, and candidates must achieve a passing score of 70% to qualify for the certificate.

 

NEW QUESTION 59
Which of the following are the responsibilities of SIEM Agents?
1. Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2. Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3. Correlating data received from various devices sending data to SIEM before forwarding it to the central engine.
4. Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

  • A. 1 and 2
  • B. 3 and 1
  • C. 1 and 4
  • D. 2 and 3

Answer: C

 

NEW QUESTION 60
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

  • A. Incident Triage -> Eradication -> Containment -> Incident Recording -> Preparation -> Recovery -> Post-Incident Activities
  • B. Incident Recording -> Preparation -> Containment -> Incident Triage -> Recovery -> Eradication -> Post-Incident Activities
  • C. Preparation -> Incident Recording -> Incident Triage -> Containment -> Eradication -> Recovery -> Post-Incident Activities
  • D. Containment -> Incident Recording -> Incident Triage -> Preparation -> Recovery -> Eradication -> Post-Incident Activities

Answer: C

 

NEW QUESTION 61
Which of the following attacks can be eradicated by filtering improper XML syntax?

  • A. Insufficient Logging and Monitoring Attacks
  • B. Web Services Attacks
  • C. SQL Injection Attacks
  • D. CAPTCHA Attacks

Answer: C

 

NEW QUESTION 62
Banter is a threat analyst in Christine Group of Industries. As part of his job, he is currently formatting and structuring the raw data.
He is at which stage of the threat intelligence life cycle?

  • A. Processing and Exploitation
  • B. Collection
  • C. Dissemination and Integration
  • D. Analysis and Production

Answer: A

 

NEW QUESTION 63
Which of the following Windows events is logged every time a user tries to access the "Registry" key?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 64
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

  • A. SystemDrive%\inetpub\LogFiles\logs\W3SVCN
  • B. SystemDrive%\LogFiles\inetpub\logs\W3SVCN
  • C. SystemDrive%\inetpub\logs\LogFiles\W3SVCN
  • D. %SystemDrive%\LogFiles\logs\W3SVCN

Answer: B

 

NEW QUESTION 65
Which of the following formulas represents risk?

  • A. Risk = Likelihood * Impact * Severity
  • B. Risk = Likelihood * Impact * Asset Value
  • C. Risk = Likelihood * Consequence * Severity
  • D. Risk = Likelihood * Severity * Asset Value

Answer: C

 

NEW QUESTION 66
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.

  • A. Parameter Tampering Attack
  • B. SQL Injection Attack
  • C. Session Fixation Attack
  • D. Denial-of-Service Attack

Answer: C

 

NEW QUESTION 67
Juliea, a SOC analyst, noticed large TXT and NULL payloads while monitoring logs.
What does this indicate?

  • A. Covering Tracks Attempt
  • B. Concurrent VPN Connections Attempt
  • C. DNS Exfiltration Attempt
  • D. DHCP Starvation Attempt

Answer: C

 

NEW QUESTION 68
Which of the following attacks causes sudden changes in file extensions or a rapid increase in file renames?

  • A. DoS Attack
  • B. Ransomware Attack
  • C. File Injection Attack
  • D. DHCP starvation Attack

Answer: B

 

NEW QUESTION 69
Shawn is a security manager working at Lee Inc Solution. His organization wants to develop a threat intelligence strategy plan. As part of the threat intelligence strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.
Which one of the following components should he include in the above threat intelligence strategy plan to make it effective?

  • A. Threat buy-in
  • B. Threat boosting
  • C. Threat pivoting
  • D. Threat trending

Answer: A

 

NEW QUESTION 70
Which one of the following is the correct flow for setting up a computer forensics lab?

  • A. Planning and budgeting -> Physical location and structural design considerations -> Forensics lab licensing -> Work area considerations -> Human resource considerations -> Physical security recommendations
  • B. Planning and budgeting -> Physical location and structural design considerations -> Work area considerations -> Human resource considerations -> Physical security recommendations -> Forensics lab licensing
  • C. Planning and budgeting -> Physical location and structural design considerations -> Forensics lab licensing -> Human resource considerations -> Work area considerations -> Physical security recommendations
  • D. Planning and budgeting -> Forensics lab licensing -> Physical location and structural design considerations -> Work area considerations -> Physical security recommendations -> Human resource considerations

Answer: B

 

NEW QUESTION 71
Which of the following security technologies is used to attract and trap people who attempt unauthorized or illicit use of the host system?

  • A. Firewall
  • B. Honeypot
  • C. Intrusion Detection System
  • D. De-Militarized Zone (DMZ)

Answer: B

 

NEW QUESTION 72
Where will you find the IP reputation database if you want to monitor traffic from IP addresses with a known bad reputation using OSSIM SIEM?

  • A. /etc/ossim/siem/server/reputation/data
  • B. /etc/siem/ossim/server/reputation.data
  • C. /etc/ossim/server/reputation.data
  • D. /etc/ossim/reputation

Answer: D

 

NEW QUESTION 73
Which of the following Windows features is used to enable Security Auditing in Windows?

  • A. Local Group Policy Editor
  • B. Windows Defender
  • C. Bitlocker
  • D. Windows Firewall

Answer: A

 

NEW QUESTION 74
Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to their true source?

  • A. Rate Limiting
  • B. Throttling
  • C. Ingress Filtering
  • D. Egress Filtering

Answer: C

 

NEW QUESTION 75
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph identifying the locations the Tor traffic is coming from.
Which of the following data sources will he use to prepare the dashboard?

  • A. Apache/Web Server logs with IP addresses and Host Name.
  • B. DHCP/Logs capable of maintaining IP addresses or hostnames with IP-to-Name resolution.
  • C. IIS/Web Server logs with IP addresses and user agent IP-to-user-agent resolution.
  • D. DNS/Web Server logs with IP addresses.

Answer: A

 

NEW QUESTION 76
Which of the following Windows Event IDs will help you monitor file sharing across the network?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 77
Which of the following data sources can be used to detect the traffic associated with Bad Bot User-Agents?

  • A. Switch Logs
  • B. Web Server Logs
  • C. Router Logs
  • D. Windows Event Log

Answer: B

 

NEW QUESTION 78
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA-5-11008: User 'enable_15' executed the 'configure term' command
What does the security level in the above log indicate?

  • A. Critical condition message
  • B. Warning condition message
  • C. Normal but significant message
  • D. Informational message

Answer: B

 

NEW QUESTION 79
Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

  • A. Ransomware Attack
  • B. DoS Attack
  • C. Man-in-the-Middle Attack
  • D. Reconnaissance Attack

Answer: D

 

NEW QUESTION 80
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.

  • A. Security Engineer
  • B. Chief Information Security Officer (CISO)
  • C. Security Analyst - L2
  • D. Security Analyst - L1

Answer: B

 

NEW QUESTION 81
Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?

  • A. DARPA
  • B. HIPAA
  • C. PCI-DSS
  • D. FISMA

Answer: C

 

NEW QUESTION 82
Identify the HTTP status code range that represents a server error.

  • A. 2XX
  • B. 1XX
  • C. 4XX
  • D. 5XX

Answer: D

 

NEW QUESTION 83
......


What Does It Cover?

The EC-Council 312-39 exam is built around the topic areas listed below:

  • Enhanced Incident Detection with Threat Intelligence
  • Incident Response
  • Incidents, Events, and Logging
  • Understanding Cyber Threats, IoCs, and Attack Methodology
  • Security Operations & Management
  • Incident Detection with Security Information and Event Management (SIEM)

 

312-39 Exam Dumps, 312-39 Practice Test Questions: https://www.real4dumps.com/312-39_examcollection.html

Free 312-39 Study Guides Exam Questions & Answer: https://drive.google.com/open?id=1qbKUak7BMYUNYqZRbPm4WtJBS9A2_4Z2