This page was exported from Best Free Exam Guide [ http://free.exams4sures.com ]

Title: [Q53-Q75] Sep-2023 Realistic 312-39 Accurate & Verified Answers As Experienced in the Actual Test!

Latest EC-COUNCIL 312-39 Practice Test Questions, Certified SOC Analyst (CSA) Exam Dumps

The EC-COUNCIL 312-39 certification exam is a valuable credential for individuals who want to advance their career in the security field and demonstrate their expertise in SOC analysis. With the right preparation and dedication, candidates can pass the exam and take their career to the next level.

QUESTION 53
Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it an initial priority.
What would be her next action according to the SOC workflow?
A. She should immediately escalate this issue to management
B. She should immediately contact the network administrator to solve the problem
C. She should communicate this incident to the media immediately
D. She should formally raise a ticket and forward it to the IRT

QUESTION 54
The Syslog message severity levels are labelled from level 0 to level 7.
What does level 0 indicate?
A. Alert
B. Notification
C. Emergency
D. Debugging

QUESTION 55
Which of the following formulas represents the risk level?
A. Level of risk = Consequence * Severity
B. Level of risk = Consequence * Impact
C. Level of risk = Consequence * Likelihood
D. Level of risk = Consequence * Asset Value

QUESTION 56
Which of the following formulas is used to calculate the EPS (events per second) of an organization?
A. EPS = average number of correlated events / time in seconds
B. EPS = number of normalized events / time in seconds
C. EPS = number of security events / time in seconds
D. EPS = number of correlated events / time in seconds

QUESTION 57
Which of the following formulas represents the risk level?
A. Level of risk = Consequence * Severity
B. Level of risk = Consequence * Impact
C. Level of risk = Consequence * Likelihood
D. Level of risk = Consequence * Asset Value

QUESTION 58
Rinni, a SOC analyst, while monitoring IDS logs detected the events shown in the figure below.
What does this event log indicate?
A. Directory Traversal Attack
B. XSS Attack
C. SQL Injection Attack
D. Parameter Tampering Attack

QUESTION 59
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations the Tor traffic is coming from.
Which of the following data sources will he use to prepare the dashboard?
A. DHCP logs capable of maintaining IP addresses or hostnames, with IP-to-name resolution
B. IIS/web server logs with IP addresses and user agent, with IP-to-user-agent resolution
C. DNS/web server logs with IP addresses
D. Apache/web server logs with IP addresses and host name

QUESTION 60
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify John's job role.
A. Security Analyst – L1
B. Chief Information Security Officer (CISO)
C. Security Engineer
D. Security Analyst – L2

QUESTION 61
Which of the following contains the performance measures and the project and time management details?
A. Incident Response Policy
B. Incident Response Tactics
C. Incident Response Process
D. Incident Response Procedures

QUESTION 62
According to the risk matrix table, what will be the risk level when the probability of an attack is very high and the impact of that attack is major?
A. High
B. Extreme
C. Low
D. Medium

QUESTION 63
Which log storage method arranges event logs as a circular buffer?
A. FIFO
B. LIFO
C. non-wrapping
D. wrapping

QUESTION 64
Jony, a security analyst, while monitoring IIS logs, identified the events shown in the figure below.
What does this event log indicate?
A. Parameter Tampering Attack
B. XSS Attack
C. Directory Traversal Attack
D. SQL Injection Attack

QUESTION 65
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Services (IIS) version 7.0 to host its website.
Where will Harley find the web server logs if he wants to investigate them for anomalies?
A. %SystemDrive%\inetpub\logs\LogFiles\W3SVCN
B. %SystemDrive%\LogFiles\inetpub\logs\W3SVCN
C. %SystemDrive%\LogFiles\logs\W3SVCN
D. %SystemDrive%\inetpub\LogFiles\logs\W3SVCN

QUESTION 66
Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file?
A. File Injection Attacks
B. URL Injection Attacks
C. LDAP Injection Attacks
D. Command Injection Attacks

QUESTION 67
In which phase of Lockheed Martin's Cyber Kill Chain methodology does the adversary create a deliverable malicious payload by coupling an exploit with a backdoor?
A. Reconnaissance
B. Delivery
C. Weaponization
D. Exploitation

QUESTION 68
John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching the regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.
What does this event log indicate?
A. XSS Attack
B. SQL Injection Attack
C. Directory Traversal Attack
D. Parameter Tampering Attack

QUESTION 69
Identify the password cracking attempt that uses a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.
A. Dictionary Attack
B. Rainbow Table Attack
C. Bruteforce Attack
D. Syllable Attack

QUESTION 70
Bonney's system has been compromised by a gruesome malware.
What is the first step Bonney should take to contain the malware incident and keep it from spreading?
A. Complain to the police in a formal way regarding the incident
B. Turn off the infected machine
C. Leave it to the network administrators to handle
D. Call the legal department in the organization and inform them about the incident

QUESTION 71
Which of the following are the responsibilities of SIEM agents?
1. Collecting data received from the various devices sending data to the SIEM before forwarding it to the central engine.
2. Normalizing data received from the various devices sending data to the SIEM before forwarding it to the central engine.
3. Correlating data received from the various devices sending data to the SIEM before forwarding it to the central engine.
4. Visualizing data received from the various devices sending data to the SIEM before forwarding it to the central engine.
A. 1 and 2
B. 2 and 3
C. 1 and 4
D. 3 and 1

QUESTION 72
Which of the following factors determines the choice of SIEM architecture?
A. SMTP Configuration
B. DHCP Configuration
C. DNS Configuration
D. Network Topology

QUESTION 73
Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?
A. $ tailf /var/log/sys/kern.log
B. $ tailf /var/log/kern.log
C. # tailf /var/log/messages
D. # tailf /var/log/sys/messages

QUESTION 74
Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating the file /var/log/wtmp.
What is Chloe looking at?
A. Error log
B. System boot log
C. General messages and system-related information
D. Login records

QUESTION 75
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching the regex /\w*((%27)|(\'))((%6F)|o|(%4F))((%72)|r|(%52))/ix.
What does this event log indicate?
A. SQL Injection Attack
B. Parameter Tampering Attack
C. XSS Attack
D. Directory Traversal Attack

The EC-COUNCIL 312-39 certification exam, also known as the Certified SOC Analyst (CSA) exam, is designed for individuals who want to validate their skills and knowledge in security operations center (SOC) analysis. The 312-39 exam covers topics related to SOC operations, including threat detection and response, incident management, and vulnerability management. The Certified SOC Analyst (CSA) certification is recognized globally and is sought after by employers looking for skilled SOC analysts.

Post date: 2023-09-12 16:52:16 GMT
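Question 74's /var/log/wtmp is not a text log but a binary file of fixed-size struct utmp records, so an analyst who wants to read it without `last` or `utmpdump` needs a parser. The following Python is an added example, not code from the exam or from EC-Council: it decodes records using the glibc x86_64 layout (384 bytes per record; this layout is an assumption about the host, since other libcs and 32-bit architectures differ), pairs each USER_PROCESS login with the DEAD_PROCESS on the same tty line the way `last` does, and runs against a constructed four-record wtmp built in memory so it works offline. The usernames, hosts and timestamps in the sample are made up.

```python
import struct
import sys
from datetime import datetime, timezone

# struct utmp as laid out by glibc on x86_64 Linux: 384 bytes per record.
# This layout is an assumption about the host; other libcs and 32-bit
# architectures differ, so cross-check with `utmpdump /var/log/wtmp`.
UTMP_FORMAT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FORMAT)  # 384

UT_TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME",
            5: "INIT_PROCESS", 6: "LOGIN_PROCESS", 7: "USER_PROCESS",
            8: "DEAD_PROCESS", 9: "ACCOUNTING"}


def _cstr(raw):
    """Decode a NUL-padded char[] field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_wtmp(data):
    """Decode raw wtmp bytes into one dict per record; a trailing partial record is ignored."""
    records = []
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        (ut_type, pid, line, _id, user, host, _term, _exit, _sess,
         tv_sec, _tv_usec, *_addr) = struct.unpack_from(UTMP_FORMAT, data, off)
        records.append({
            "type": UT_TYPES.get(ut_type, f"UNKNOWN({ut_type})"),
            "pid": pid,
            "line": _cstr(line),
            "user": _cstr(user),
            "host": _cstr(host),
            "time": tv_sec,
            "iso": datetime.fromtimestamp(tv_sec, tz=timezone.utc).isoformat(),
        })
    return records


def login_sessions(records):
    """Pair each USER_PROCESS login with the next DEAD_PROCESS on the same tty line,
    the way `last` does. Returns (user, host, line, login_ts, logout_ts or None)."""
    open_by_line = {}
    sessions = []
    for rec in records:
        if rec["type"] == "USER_PROCESS":
            open_by_line[rec["line"]] = rec
        elif rec["type"] == "DEAD_PROCESS" and rec["line"] in open_by_line:
            login = open_by_line.pop(rec["line"])
            sessions.append((login["user"], login["host"], login["line"],
                             login["time"], rec["time"]))
    for login in open_by_line.values():  # still logged in: no DEAD_PROCESS yet
        sessions.append((login["user"], login["host"], login["line"], login["time"], None))
    return sessions


def make_record(ut_type, pid, line, user, host, tv_sec):
    """Pack one record in the layout above (used only to build the constructed sample)."""
    return struct.pack(UTMP_FORMAT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


# Constructed four-record wtmp: a boot, two logins, one logout (not a real file).
SAMPLE_WTMP = b"".join([
    make_record(2, 0, "~", "reboot", "6.1.0-example", 1694512800),     # BOOT_TIME
    make_record(7, 4242, "pts/0", "alice", "10.0.0.23", 1694513400),  # USER_PROCESS
    make_record(7, 4300, "pts/1", "bob", "10.0.0.99", 1694513700),    # USER_PROCESS
    make_record(8, 4242, "pts/0", "", "", 1694515200),                # DEAD_PROCESS
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WTMP
    for user, host, line, t_in, t_out in login_sessions(parse_wtmp(data)):
        start = datetime.fromtimestamp(t_in, tz=timezone.utc).isoformat()
        end = datetime.fromtimestamp(t_out, tz=timezone.utc).isoformat() if t_out else "still logged in"
        print(f"{user:<10} {line:<8} {host:<16} {start} -> {end}")
```

Pass the path of a real wtmp as the first argument to parse it instead of the sample. Records that decode to all zeros between valid ones, or a file that is shorter than the login history on neighbouring hosts would suggest, are worth noting in an investigation, because zeroing or truncating wtmp entries is a common post-compromise cleanup step; `utmpdump` output is the quick check that the layout assumption holds on the host being examined.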
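Questions 68 and 75 give two log-matching regexes in the form a SIEM or IDS rule would apply them to raw request logs. The following Python is added here as an illustration and is not taken from the exam or from EC-Council material: it runs both patterns over constructed Apache combined-format log lines (sample data, not captured traffic), with the backslash escapes (\. \/ \\ \w \') that this page's export dropped restored. It extracts the request target before matching so that Referer and User-Agent text does not trigger the signatures, and one sample line (q=dell%27oro) shows the false positive the SQL-injection pattern produces on any apostrophe followed by "or".

```python
import re

# Signatures from Questions 68 and 75, with the backslashes the page lost restored.
# /i -> re.IGNORECASE. The /x (extended) flag on the SQLi pattern only ignores
# whitespace and comments inside the pattern; there are none, so it is omitted.
DIR_TRAVERSAL = re.compile(
    r"(\.|(%|%25)2E)(\.|(%|%25)2E)(/|(%|%25)2F|\\|(%|%25)5C)", re.IGNORECASE)
SQLI_OR = re.compile(
    r"\w*((%27)|('))((%6F)|o|(%4F))((%72)|r|(%52))", re.IGNORECASE)

SIGNATURES = [
    ("Directory Traversal Attack", DIR_TRAVERSAL),
    ("SQL Injection Attack", SQLI_OR),
]

# Apache combined log format: pull out just the request target so that the
# Referer and User-Agent fields, which clients populate freely, are not scanned.
REQUEST_LINE = re.compile(
    r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"')


def request_target(line):
    """Return the path+query of an Apache combined log line ('' if malformed)."""
    m = REQUEST_LINE.search(line)
    return m.group(1) if m else ""


def classify(line):
    """Labels of every signature that matches the request target of one log line."""
    target = request_target(line)
    return [label for label, pattern in SIGNATURES if pattern.search(target)]


def scan(lines):
    """(1-based line number, labels) for each line that matched at least one signature."""
    hits = []
    for n, line in enumerate(lines, 1):
        labels = classify(line)
        if labels:
            hits.append((n, labels))
    return hits


# Constructed sample log lines (not captured traffic), Apache combined format.
SAMPLE_LOGS = [
    # plain ../ traversal
    '10.0.0.5 - - [12/Sep/2023:10:01:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 512 "-" "curl/7.88"',
    # single URL-encoded traversal (%2e%2e%2f)
    '10.0.0.5 - - [12/Sep/2023:10:01:03 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 512 "-" "curl/7.88"',
    # double-encoded traversal with backslash (%252e%252e%255c)
    '10.0.0.5 - - [12/Sep/2023:10:01:04 +0000] "GET /index.php?page=%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 404 0 "-" "curl/7.88"',
    # admin'or'1'='1
    '10.0.0.6 - - [12/Sep/2023:10:02:00 +0000] "GET /login.php?user=admin%27or%271%27%3D%271 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # fully encoded 'or (%27%6f%72)
    '10.0.0.6 - - [12/Sep/2023:10:02:01 +0000] "GET /login.php?user=admin%27%6f%72%201%3d1-- HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # benign surname dell'oro: a false positive for the SQLi signature
    '10.0.0.7 - - [12/Sep/2023:10:03:00 +0000] "GET /search?q=dell%27oro HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    # benign request whose Referer and User-Agent would match if the whole line were scanned
    '10.0.0.8 - - [12/Sep/2023:10:04:00 +0000] "GET /images/logo.png HTTP/1.1" 200 9000 "http://example.test/a/../b" "Mozilla/5.0 (compatible; dell\'oro)"',
]

if __name__ == "__main__":
    for n, labels in scan(SAMPLE_LOGS):
        print(f"line {n}: {', '.join(labels)}")
```

Both patterns match the raw, still percent-encoded request, which is why they enumerate the single- and double-encoded forms (%2E, %252E) instead of decoding first; decoding once and matching the plain characters is the alternative, but it still misses a payload the application decodes twice, so production rules often keep both variants. The dell%27oro line is the reminder that the Question 75 pattern is a triage signal, not a verdict: the analyst confirms by looking at what the application did with the parameter, not at the match alone.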