Latest 312-39 Practice Tests with Actual Questions

Get Complete pool of questions with Premium PDF and Test Engine

Exam Code : 312-39
Exam Name : EC-Council Certified SOC Analyst (CSA) certification
Vendor Name :
"EC-COUNCIL"

Download Full Version of 312-39

---

312-39 Dumps

312-39 Braindumps

312-39 Real Questions

312-39 Practice Test

312-39 Actual Questions

killexams.com EC-COUNCIL 312-39

EC-Council Certified SOC Analyst (CSA) certification

https://killexams.com/pass4sure/exam-detail/312-39

Question: 14

In which log collection mechanism, the system or application sends log records either on the local disk or over the network.

1. rule-based

2. pull-based

3. push-based

4. signature-based

Answer: C
Question: 15

Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/wtmp. What Chloe is looking at?

1. Error log

2. System boot log

3. General message and system-related stuff

4. Login records

Answer: D

Explanation:

Reference: https://stackify.com/linux-logs/

Question: 16

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

1. /etc/ossim/reputation

2. /etc/ossim/siem/server/reputation/data

3. /etc/siem/ossim/server/reputation.data

4. /etc/ossim/server/reputation.data

Answer: D
Question: 17

According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

1. Create a Chain of Custody Document

2. Send it to the nearby police station

3. Set a Forensic lab

4. Call Organizational Disciplinary Team

Answer: A
Question: 18

Which of the following command is used to enable logging in iptables?

1. $ iptables -B INPUT -j LOG

2. $ iptables -A OUTPUT -j LOG

3. $ iptables -A INPUT -j LOG

4. $ iptables -B OUTPUT -j LOG

Answer: C
Question: 19

Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.

What filter should Peter add to the 'show logging' command to get the required output?

1. show logging | access 210

2. show logging | forward 210

3. show logging | include 210

4. show logging | route 210

Answer: C
Question: 20

What does the HTTP status codes 1XX represents?

1. Informational message

2. Client error

3. Success

4. Redirection

Answer: A

Explanation: Reference:

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#:~:text=1xx%20informational%20response%20C%20the%20request,syntax%20or%20cannot%20be%20fulfilled

Question: 21

Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

1. threat_note

2. MagicTree

3. IntelMQ

4. Malstrom

Answer: B
Question: 22

Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.

What is Ray and his team doing?

1. Blocking the Attacks

2. Diverting the Traffic

3. Degrading the services

4. Absorbing the Attack

Answer: D
Question: 23

Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex

/\w*((%27)|(â))((%6F)|o|(%4F))((%72)|r|(%52))/ix.

What does this event log indicate?

1. SQL Injection Attack

2. Parameter Tampering Attack

3. XSS Attack

4. Directory Traversal Attack

Answer: A

Explanation:

Reference: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=001f5e09-88b4-4a9a- b310-4c20578eecf9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments

Question: 24

Bonney's system has been compromised by a gruesome malware.

What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

1. Complaint to police in a formal way regarding the incident

2. Turn off the infected machine

3. Leave it to the network administrators to handle

4. Call the legal department in the organization and inform about the incident

Answer: B
Question: 25

Which of the log storage method arranges event logs in the form of a circular buffer?

1. FIFO

2. LIFO

3. non-wrapping

4. wrapping

Answer: D

Explanation:

Reference: https://en.wikipedia.org/wiki/Circular_buffer

Question: 26

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major? NOTE: It is mandatory to answer the question before proceeding to the next one.

1. High

2. Extreme

3. Low

4. Medium

Answer: B
Question: 27

Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.

What does this event log indicate?

1. Directory Traversal Attack

2. XSS Attack

3. SQL Injection Attack

4. Parameter Tampering Attack

Answer: D

Explanation:

Reference: https://infosecwriteups.com/what-is-parameter-tampering-5b1beb12c5ba

Question: 28

The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk. What kind of threat intelligence described above?

1. Tactical Threat Intelligence

2. Strategic Threat Intelligence

3. Functional Threat Intelligence

4. Operational Threat Intelligence

Answer: B

Explanation:

Reference: https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/threat-intelligence/what-is-threat-intelligence/

Question: 29

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.

Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100 Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10

Identify the attack depicted in the above scenario.

1. Denial-of-Service Attack

2. SQL Injection Attack

3. Parameter Tampering Attack

4. Session Fixation Attack

Answer: C
Question: 30

An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.

Which SIEM deployment architecture will the organization adopt?

1. Cloud, MSSP Managed

2. Self-hosted, Jointly Managed

3. Self-hosted, MSSP Managed

4. Self-hosted, Self-Managed

Answer: C
Question: 31

Which of the following process refers to the discarding of the packets at the routing level without informing the source that the data did not reach its intended recipient?

1. Load Balancing

2. Rate Limiting

3. Black Hole Filtering

4. Drop Requests

Answer: C

Explanation:

Reference: https://en.wikipedia.org/wiki/Black_hole_(networking)#:~:text=In%20networking%2C%20black% 20holes%20refer,not%20reach%20its%20intended%20recipient.

Question: 32

Which of the following steps of incident handling and response process focus on limiting the scope and extent of an incident?

1. Containment

2. Data Collection

3. Eradication

4. Identification

Answer: A
Question: 33

Which of the following tool is used to recover from web application incident?

1. CrowdStrike FalconTM Orchestrator

2. Symantec Secure Web Gateway

3. Smoothwall SWG

4. Proxy Workbench

Answer: A
Question: 34

Which of the following fields in Windows logs defines the type of event occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?

1. Keywords

2. Task Category

3. Level

4. Source

Answer: A
Question: 35

Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

1. $ tailf /var/log/sys/kern.log

2. $ tailf /var/log/kern.log

3. # tailf /var/log/messages

4. # tailf /var/log/sys/messages

Answer: B

Explanation:

Reference: https://tecadmin.net/enable-logging-in-iptables-on-linux/

User: Micha***** The exam material for 312-39 is outlined nicely to help you get ready in a short period. Killexams.com questions and answers helped me score 88%, answering all the questions within 90 minutes of time. The 312-39 exam paper had diverse test material in the commercial enterprise region, making it challenging for me to choose the right one. However, after my brother suggested Killexams.com Questions and Answers, I did not look for any other resources. Thank you, Killexams.com, for your assistance.

User: Sevastia***** I found the platform to be extremely helpful in obtaining my certification. Their material is beneficial, and the exam simulator accurately reproduces the actual exam. Using their test material, I passed the exam smoothly without any unsavory surprises. Thank you.

User: Vladimir***** I am extremely grateful to Killexams.com for helping me pass the 312-39 exam. This is, without a doubt, the most effective system for passing the exam. I started using this study kit three weeks before the exam, and it worked wonders for me. I scored an impressive 89%, which is a testament to the effectiveness of the Killexams.com Questions and Answers. With this study kit, I was able to complete the exam within the allotted time.

User: Renata***** Thanks to the Killexams.com Questions and Answers aid, I was able to pass the 312-39 exam with a score of 93%. The questions were very similar to what I had studied, and I am grateful for the assistance provided by this website.

User: Hattie***** I thank Killexams.com Brain practice tests for helping me pass the 312-39 exam with 91% marks. I only had 12 days of training time, but with their question and answer material, I was able to achieve such a high score. Their beneficial guide has been a great help, and I wish all the best to the crew members for all their endeavors.

---