This page was exported from Best Free Exam Guide [ http://free.exams4sures.com ]

Export date:Sat Mar 15 8:04:21 2025 / +0000 GMT

___________________________________________________


Title: [Q53-Q75] Sep-2023 Realistic 312-39 Accurate &amp; Verified Answers As Experienced in the Actual Test!

---------------------------------------------------


 Sep-2023 Realistic 312-39 Accurate &amp; Verified Answers As Experienced in the Actual Test!
Latest EC-COUNCIL 312-39 Practice Test Questions, Certified SOC Analyst (CSA) Exam Dumps


EC-COUNCIL 312-39 certification exam is a valuable credential for individuals who are looking to advance their career in the security field and demonstrate their expertise in the area of SOC analysis. With the right preparation and dedication, candidates can successfully pass the exam and take their career to the next level.
&nbsp;


QUESTION 53Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.What would be her next action according to the SOC workflow?
&nbsp;She should immediately escalate this issue to the management
&nbsp;She should immediately contact the network administrator to solve the problem
&nbsp;She should communicate this incident to the media immediately
&nbsp;She should formally raise a ticket and forward it to the IRT
QUESTION 54The Syslog message severity levels are labelled from level 0 to level 7.What does level 0 indicate?
&nbsp;Alert
&nbsp;Notification
&nbsp;Emergency
&nbsp;Debugging
QUESTION 55Which of the following formula represents the risk levels?
&nbsp;Level of risk = Consequence * Severity
&nbsp;Level of risk = Consequence * Impact
&nbsp;Level of risk = Consequence * Likelihood
&nbsp;Level of risk = Consequence * Asset Value
QUESTION 56Which of the following formula is used to calculate the EPS of the organization?
&nbsp;EPS = average number of correlated events / time in seconds
&nbsp;EPS = number of normalized events / time in seconds
&nbsp;EPS = number of security events / time in seconds
&nbsp;EPS = number of correlated events / time in seconds
QUESTION 57Which of the following formula represents the risk levels?
&nbsp;Level of risk = Consequence * Severity
&nbsp;Level of risk = Consequence * Impact
&nbsp;Level of risk = Consequence * Likelihood
&nbsp;Level of risk = Consequence * Asset Value
QUESTION 58Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.What does this event log indicate?
&nbsp;Directory Traversal Attack
&nbsp;XSS Attack
&nbsp;SQL Injection Attack
&nbsp;Parameter Tampering Attack
QUESTION 59John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.Which of the following data source will he use to prepare the dashboard?
&nbsp;DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.
&nbsp;IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.
&nbsp;DNS/ Web Server logs with IP addresses.
&nbsp;Apache/ Web Server logs with IP addresses and Host Name.
QUESTION 60InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.Identify the job role of John.
&nbsp;Security Analyst &#8211; L1
&nbsp;Chief Information Security Officer (CISO)
&nbsp;Security Engineer
&nbsp;Security Analyst &#8211; L2
QUESTION 61Which of the following contains the performance measures, and proper project and time management details?
&nbsp;Incident Response Policy
&nbsp;Incident Response Tactics
&nbsp;Incident Response Process
&nbsp;Incident Response Procedures
QUESTION 62According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?NOTE: It is mandatory to answer the question before proceeding to the next one.
&nbsp;High
&nbsp;Extreme
&nbsp;Low
&nbsp;Medium
QUESTION 63Which of the log storage method arranges event logs in the form of a circular buffer?
&nbsp;FIFO
&nbsp;LIFO
&nbsp;non-wrapping
&nbsp;wrapping
QUESTION 64Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below.What does this event log indicate?
&nbsp;Parameter Tampering Attack
&nbsp;XSS Attack
&nbsp;Directory Traversal Attack
&nbsp;SQL Injection Attack
QUESTION 65Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.Where will Harley find the web server logs, if he wants to investigate them for any anomalies?
&nbsp;SystemDrive%inetpublogsLogFilesW3SVCN
&nbsp;SystemDrive%LogFilesinetpublogsW3SVCN
&nbsp;%SystemDrive%LogFileslogsW3SVCN
&nbsp;SystemDrive% inetpubLogFileslogsW3SVCN
QUESTION 66Which of the following attack can be eradicated by disabling of &#8220;allow_url_fopen and allow_url_include&#8221; in the php.ini file?
&nbsp;File Injection Attacks
&nbsp;URL Injection Attacks
&nbsp;LDAP Injection Attacks
&nbsp;Command Injection Attacks
QUESTION 67In which phase of Lockheed Martin&#8217;s &#8211; Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?
&nbsp;Reconnaissance
&nbsp;Delivery
&nbsp;Weaponization
&nbsp;Exploitation
QUESTION 68John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(.|(%|%25)2E)(.|(%|%25)2E)(/|(%|%25)2F||(%|%25)5C)/i.What does this event log indicate?
&nbsp;XSS Attack
&nbsp;SQL injection Attack
&nbsp;Directory Traversal Attack
&nbsp;Parameter Tampering Attack
QUESTION 69Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.
&nbsp;Dictionary Attack
&nbsp;Rainbow Table Attack
&nbsp;Bruteforce Attack
&nbsp;Syllable Attack
QUESTION 70Bonney&#8217;s system has been compromised by a gruesome malware.What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
&nbsp;Complaint to police in a formal way regarding the incident
&nbsp;Turn off the infected machine
&nbsp;Leave it to the network administrators to handle
&nbsp;Call the legal department in the organization and inform about the incident
QUESTION 71Which of the following are the responsibilities of SIEM Agents?1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.
&nbsp;1 and 2
&nbsp;2 and 3
&nbsp;1 and 4
&nbsp;3 and 1
QUESTION 72Which of the following factors determine the choice of SIEM architecture?
&nbsp;SMTP Configuration
&nbsp;DHCP Configuration
&nbsp;DNS Configuration
&nbsp;Network Topology
QUESTION 73Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?
&nbsp;$ tailf /var/log/sys/kern.log
&nbsp;$ tailf /var/log/kern.log
&nbsp;# tailf /var/log/messages
&nbsp;# tailf /var/log/sys/messages
QUESTION 74Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/ wtmp.What Chloe is looking at?
&nbsp;Error log
&nbsp;System boot log
&nbsp;General message and system-related stuff
&nbsp;Login records
QUESTION 75Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /w*((%27)|(&#8216;))((%6F)|o|(%4F))((%72)|r|(%52))/ix.What does this event log indicate?
&nbsp;SQL Injection Attack
&nbsp;Parameter Tampering Attack
&nbsp;XSS Attack
&nbsp;Directory Traversal Attack
&nbsp;Loading &#8230;


EC-COUNCIL 312-39 certification exam, also known as the Certified SOC Analyst (CSA) exam, is designed for individuals who want to validate their skills and knowledge in the field of security operations center (SOC) analysis. 312-39 exam covers various topics related to SOC operations, including threat detection and response, incident management, and vulnerability management. Certified SOC Analyst (CSA) certification is recognized globally and is highly sought after by employers looking for skilled SOC analysts.
&nbsp;

Free 312-39 Exam Files Downloaded Instantly 100% Dumps &amp; Practice Exam: https://www.exams4sures.com/EC-COUNCIL/312-39-practice-exam-dumps.html


---------------------------------------------------


Images: https://free.exams4sures.com/wp-content/plugins/watu/loading.gif
https://free.exams4sures.com/wp-content/plugins/watu/loading.gif


---------------------------------------------------


---------------------------------------------------


Post date: 2023-09-12 16:52:16

Post date GMT: 2023-09-12 16:52:16

Post modified date: 2023-09-12 16:52:16

Post modified date GMT: 2023-09-12 16:52:16