Practice EC-COUNCIL CSA 312-39 exam. Online Exam Practice Tests with detailed explanations! Pass 312-39 with confidence!
312-39 - Certified SOC Analyst (CSA) Practice Tests 2021 | Real4dumps
NEW QUESTION 49
Which of the following directory will contain logs related to printer access?
- A. /var/log/cups/Printeraccess_log file
- B. /var/log/cups/accesslog file
- C. /var/log/cups/access_log file
- D. /var/log/cups/Printer_log file
Answer: D
NEW QUESTION 50
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.
What does this event log indicate?
- A. Directory Traversal Attack
- B. XSS Attack
- C. SQL Injection Attack
- D. Parameter Tampering Attack
Answer: D
NEW QUESTION 51
Which of the following attacks causes sudden changes in file extensions or increase in file renames at rapid speed?
- A. DHCP starvation Attack
- B. File Injection Attack
- C. DoS Attack
- D. Ransomware Attack
Answer: D
NEW QUESTION 52
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
- A. Turn off the infected machine
- B. Complaint to police in a formal way regarding the incident
- C. Call the legal department in the organization and inform about the incident
- D. Leave it to the network administrators to handle
Answer: A
NEW QUESTION 53
The Syslog message severity levels are labelled from level 0 to level 7.
What does level 0 indicate?
- A. Alert
- B. Debugging
- C. Emergency
- D. Notification
Answer: D
NEW QUESTION 54
Daniel is a member of an IRT, which was started recently in a company named Mesh Tech. He wanted to find the purpose and scope of the planned incident response capabilities.
What is he looking for?
- A. Incident Response Vision
- B. Incident Response Intelligence
- C. Incident Response Mission
- D. Incident Response Resources
Answer: D
NEW QUESTION 55
Which of the following factors determine the choice of SIEM architecture?
- A. DNS Configuration
- B. DHCP Configuration
- C. Network Topology
- D. SMTP Configuration
Answer: A
NEW QUESTION 56
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?
- A. Directory Traversal Attack
- B. XSS Attack
- C. SQL Injection Attack
- D. Parameter Tampering Attack
Answer: C
NEW QUESTION 57
Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?
- A. /etc/ossim/reputation
- B. /etc/ossim/server/reputation.data
- C. /etc/siem/ossim/server/reputation.data
- D. /etc/ossim/siem/server/reputation/data
Answer: A
NEW QUESTION 58
Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?
- A. # tailf /var/log/sys/messages
- B. $ tailf /var/log/kern.log
- C. # tailf /var/log/messages
- D. $ tailf /var/log/sys/kern.log
Answer: B
NEW QUESTION 59
Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/ wtmp.
What Chloe is looking at?
- A. System boot log
- B. Login records
- C. Error log
- D. General message and system-related stuff
Answer: B
NEW QUESTION 60
Which of the following Windows event is logged every time when a user tries to access the "Registry" key?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 61
In which log collection mechanism, the system or application sends log records either on the local disk or over the network.
- A. rule-based
- B. push-based
- C. pull-based
- D. signature-based
Answer: A
NEW QUESTION 62
Which of the following attack can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and forums?
- A. Session Management Attacks
- B. Broken Access Control Attacks
- C. XSS Attacks
- D. Web Services Attacks
Answer: C
NEW QUESTION 63
Which of the following formula represents the risk?
- A. Risk = Likelihood * Severity * Asset Value
- B. Risk = Likelihood * Impact * Severity
- C. Risk = Likelihood * Consequence * Severity
- D. Risk = Likelihood * Impact * Asset Value
Answer: C
NEW QUESTION 64
Which of the following Windows Event Id will help you monitors file sharing across the network?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 65
Which of the following is a Threat Intelligence Platform?
- A. Apility.io
- B. TC Complete
- C. SolarWinds MS
- D. Keepnote
Answer: C
NEW QUESTION 66
Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?
- A. Absorbing the Attack
- B. Blocking the Attacks
- C. Diverting the Traffic
- D. Degrading the services
Answer: A
NEW QUESTION 67
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
- A. Anomaly-based detection
- B. Heuristic-based detection
- C. Signature-based detection
- D. Rule-based detection
Answer: A
NEW QUESTION 68
Identify the attack when an attacker by several trial and error can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd
- A. Directory Traversal Attack
- B. SQL Injection Attack
- C. Denial-of-Service Attack
- D. Form Tampering Attack
Answer: B
NEW QUESTION 69
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?
NOTE: It is mandatory to answer the question before proceeding to the next one.
- A. High
- B. Medium
- C. Extreme
- D. Low
Answer: A
NEW QUESTION 70
Which of the following tool is used to recover from web application incident?
- A. CrowdStrike FalconTM Orchestrator
- B. Proxy Workbench
- C. Symantec Secure Web Gateway
- D. Smoothwall SWG
Answer: C
NEW QUESTION 71
Which of the following are the responsibilities of SIEM Agents?
1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.
4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.
- A. 1 and 2
- B. 1 and 4
- C. 3 and 1
- D. 2 and 3
Answer: B
NEW QUESTION 72
......
Get instant access to 312-39 practice exam questions: https://drive.google.com/open?id=1LozIoxQj4_vhbTOEc3gOenNToxwlJiQL
The best 312-39 exam study material and preparation tool is here: https://www.real4dumps.com/312-39_examcollection.html
