[Jan-2022] EC-COUNCIL 312-39 Exam Practice Test Questions - TestSimulate
Updated Certification Exam 312-39 Dumps - Practice Test Questions
Which Are Additional Must-Have Revision Materials?
To fully prepare for test 312-39, find the three best options described below:
- CSA Textbook by EC-Council
The CSA Textbook is available at the EC-Council iClass learning platform and it is one of the best resources you can use to prepare for the final exam. It costs $277 but on the downside, it only ships to the US and Canada. Get a PDF copy of this book if you don’t come from these regions and attain the excellent grades in the real CSA test that you have always dreamt of.
- EC-Council Certified SOC Analyst (CSA) Package by EC-Council
The EC-Council Certified SOC Analyst (CSA) is a prep bundle that’s directly linked to the CSA 312-39 exam. It costs $1,199 and can be purchased from the EC-Council iClass training platform. The complete package comes with the following materials:
- Instructor-led training modules with one year of access;
- Official e-courseware with one year of access;
- iLabs with 6-month access;
- Exam voucher;
- Certificate of completion.
- Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents by Eric C. Thompson
This is a detailed guide that’s written to help candidates study for and pass the EC-Council 312-39 exam. It goes for about $26 at Amazon and focuses on the creation, maintenance, and management of a continuous cybersecurity incident response program through a practical approach. Here, the author acknowledges the fact that surviving a security breach requires some mentality and through such a book, you will obtain the practical skills and guidance you need to build just that. This, in particular, involves the steps needed to contain, eradicate, and get over a security incident. So, the guide views incident response as a continuous process and emphasizes the importance of understanding the company’s environment, the strengths of an existing team & program as well as the vulnerabilities. That being said, here’s a summary of what you will cover using this manual:
- Planning and Practicing;
- Detection;
- Containment;
- Eradication;
- Post-incident actions.
NEW QUESTION 55
Which of the following Windows Event Id will help you monitors file sharing across the network?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 56
If the SIEM generates the following four alerts at the same time:
I.Firewall blocking traffic from getting into the network alerts
II.SQL injection attempt alerts
III.Data deletion attempt alerts
IV.Brute-force attempt alerts
Which alert should be given least priority as per effective alert triaging?
- A. II
- B. I
- C. IV
- D. III
Answer: B
NEW QUESTION 57
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?
- A. Cloud, MSSP Managed
- B. Self-hosted, Self-Managed
- C. Self-hosted, MSSP Managed
- D. Self-hosted, Jointly Managed
Answer: C
NEW QUESTION 58
Which of the following factors determine the choice of SIEM architecture?
- A. SMTP Configuration
- B. DNS Configuration
- C. DHCP Configuration
- D. Network Topology
Answer: B
NEW QUESTION 59
Which of the following attack can be eradicated by disabling of "allow_url_fopen and allow_url_include" in the php.ini file?
- A. URL Injection Attacks
- B. File Injection Attacks
- C. Command Injection Attacks
- D. LDAP Injection Attacks
Answer: A
NEW QUESTION 60
What is the correct sequence of SOC Workflow?
- A. Collect, Ingest, Validate, Report, Respond, Document
- B. Collect, Ingest, Validate, Document, Report, Respond
- C. Collect, Ingest, Document, Validate, Report, Respond
- D. Collect, Respond, Validate, Ingest, Report, Document
Answer: B
NEW QUESTION 61
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?
- A. IntelMQ
- B. threat_note
- C. Malstrom
- D. MagicTree
Answer: A
NEW QUESTION 62
Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data.
He is at which stage of the threat intelligence life cycle?
- A. Processing and Exploitation
- B. Collection
- C. Dissemination and Integration
- D. Analysis and Production
Answer: A
NEW QUESTION 63
David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events.
This type of incident is categorized into?
- A. True Negative Incidents
- B. False positive Incidents
- C. True Positive Incidents
- D. False Negative Incidents
Answer: A
NEW QUESTION 64
Which of the following Windows features is used to enable Security Auditing in Windows?
- A. Local Group Policy Editor
- B. Windows Defender
- C. Bitlocker
- D. Windows Firewall
Answer: A
NEW QUESTION 65
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.
- A. Security Engineer
- B. Chief Information Security Officer (CISO)
- C. Security Analyst - L2
- D. Security Analyst - L1
Answer: B
NEW QUESTION 66
An organization is implementing and deploying the SIEM with following capabilities.
What kind of SIEM deployment architecture the organization is planning to implement?
- A. Self-hosted, Self-Managed
- B. Cloud, MSSP Managed
- C. Self-hosted, Jointly Managed
- D. Self-hosted, MSSP Managed
Answer: B
NEW QUESTION 67
Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.
What among the following should Wesley avoid from considering?
- A. Allow serialization for security-sensitive classes
- B. Deserialization of trusted data must cross a trust boundary
- C. Validate untrusted input, which is to be serialized to ensure that serialized data contain only trusted classes
- D. Understand the security permissions given to serialization and deserialization
Answer: A
NEW QUESTION 68
Identify the event severity level in Windows logs for the events that are not necessarily significant, but may indicate a possible future problem.
- A. Failure Audit
- B. Warning
- C. Error
- D. Information
Answer: B
NEW QUESTION 69
Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs.
What does these TTPs refer to?
- A. Tactics, Threats, and Procedures
- B. Targets, Threats, and Process
- C. Tactics, Targets, and Process
- D. Tactics, Techniques, and Procedures
Answer: D
NEW QUESTION 70
What is the process of monitoring and capturing all data packets passing through a given network using different tools?
- A. Port Scanning
- B. DNS Footprinting
- C. Network Sniffing
- D. Network Scanning
Answer: C
NEW QUESTION 71
Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.
What would be her next action according to the SOC workflow?
- A. She should communicate this incident to the media immediately
- B. She should immediately contact the network administrator to solve the problem
- C. She should formally raise a ticket and forward it to the IRT
- D. She should immediately escalate this issue to the management
Answer: B
NEW QUESTION 72
An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company's URL as follows:
http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.
- A. Cross-site Scripting Attack
- B. Session Attack
- C. SQL Injection Attack
- D. Denial-of-Service Attack
Answer: B
NEW QUESTION 73
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?
- A. SQL Injection Attack
- B. Parameter Tampering Attack
- C. XSS Attack
- D. Directory Traversal Attack
Answer: A
NEW QUESTION 74
Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?
- A. Base64 Encoding
- B. URL Encoding
- C. UTF Encoding
- D. Unicode Encoding
Answer: B
NEW QUESTION 75
What does the Security Log Event ID 4624 of Windows 10 indicate?
- A. Service added to the endpoint
- B. A share was assessed
- C. New process executed
- D. An account was successfully logged on
Answer: D
NEW QUESTION 76
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
- A. show logging | forward 210
- B. show logging | route 210
- C. show logging | include 210
- D. show logging | access 210
Answer: C
NEW QUESTION 77
......
EC-COUNCIL 312-39 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
Updated Verified 312-39 dumps Q&As - Pass Guarantee or Full Refund: https://www.testsimulate.com/312-39-study-materials.html