312-39 Exam - Certified SOC Analyst (CSA)

certleader.com

It is impossible to pass the EC-Council 312-39 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed EC-Council 312-39 practice questions. You will get a surprising result with our updated Certified SOC Analyst (CSA) practice guides.

Online 312-39 free questions and answers of New Version:

NEW QUESTION 1
What do the HTTP status codes 1XX represent?

  • A. Informational message
  • B. Client error
  • C. Success
  • D. Redirection

Answer: A

NEW QUESTION 2
The threat intelligence that helps you understand adversary intent and make informed decisions to ensure appropriate security in alignment with risk.
What kind of threat intelligence is described above?

  • A. Tactical Threat Intelligence
  • B. Strategic Threat Intelligence
  • C. Functional Threat Intelligence
  • D. Operational Threat Intelligence

Answer: B

NEW QUESTION 3
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

  • A. Containment –> Incident Recording –> Incident Triage –> Preparation –> Recovery –> Eradication –> Post-Incident Activities
  • B. Preparation –> Incident Recording –> Incident Triage –> Containment –> Eradication –> Recovery –> Post-Incident Activities
  • C. Incident Triage –> Eradication –> Containment –> Incident Recording –> Preparation –> Recovery –> Post-Incident Activities
  • D. Incident Recording –> Preparation –> Containment –> Incident Triage –> Recovery –> Eradication –> Post-Incident Activities

Answer: B

NEW QUESTION 4
Which of the following formulas represents the risk level?

  • A. Level of risk = Consequence × Severity
  • B. Level of risk = Consequence × Impact
  • C. Level of risk = Consequence × Likelihood
  • D. Level of risk = Consequence × Asset Value

Answer: B

NEW QUESTION 5
Which of the following processes refers to the discarding of packets at the routing level without informing the source that the data did not reach its intended recipient?

  • A. Load Balancing
  • B. Rate Limiting
  • C. Black Hole Filtering
  • D. Drop Requests

Answer: C

NEW QUESTION 6
Properly applied cyber threat intelligence helps the SOC team discover TTPs. What do these TTPs refer to?

  • A. Tactics, Techniques, and Procedures
  • B. Tactics, Threats, and Procedures
  • C. Targets, Threats, and Process
  • D. Tactics, Targets, and Process

Answer: A

NEW QUESTION 7
Which of the following attacks can be eradicated by using a safe API to avoid the use of the interpreter entirely?

  • A. Command Injection Attacks
  • B. SQL Injection Attacks
  • C. File Injection Attacks
  • D. LDAP Injection Attacks

Answer: B

NEW QUESTION 8
Which of the following contains the performance measures, and proper project and time management details?

  • A. Incident Response Policy
  • B. Incident Response Tactics
  • C. Incident Response Process
  • D. Incident Response Procedures

Answer: D

NEW QUESTION 9
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

  • A. Rule-based detection
  • B. Heuristic-based detection
  • C. Anomaly-based detection
  • D. Signature-based detection

Answer: C

NEW QUESTION 10
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the company's router logs and wants to check the logs generated by the access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?

  • A. show logging | access 210
  • B. show logging | forward 210
  • C. show logging | include 210
  • D. show logging | route 210

Answer: C

NEW QUESTION 11
Which of the following directories will contain logs related to printer access?

  • A. /var/log/cups/Printer_log file
  • B. /var/log/cups/access_log file
  • C. /var/log/cups/accesslog file
  • D. /var/log/cups/Printeraccess_log file

Answer: A

NEW QUESTION 12
What does Windows event ID 4740 indicate?

  • A. A user account was locked out.
  • B. A user account was disabled.
  • C. A user account was enabled.
  • D. A user account was created.

Answer: A

NEW QUESTION 13
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph identifying the locations from which the Tor traffic is coming.
Which of the following data sources will he use to prepare the dashboard?

  • A. DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.
  • B. IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.
  • C. DNS/ Web Server logs with IP addresses.
  • D. Apache/ Web Server logs with IP addresses and Host Name.

Answer: D

NEW QUESTION 14
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

  • A. High
  • B. Extreme
  • C. Low
  • D. Medium

Answer: C

NEW QUESTION 15
Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network?

  • A. Egress Filtering
  • B. Throttling
  • C. Rate Limiting
  • D. Ingress Filtering

Answer: A

NEW QUESTION 16
Which of the following log storage methods arranges event logs in the form of a circular buffer?

  • A. FIFO
  • B. LIFO
  • C. non-wrapping
  • D. wrapping

Answer: A

NEW QUESTION 17
......

P.S. Dumps-hub.com is now offering 312-39 dumps with a 100% pass guarantee! All 312-39 exam questions have been updated with correct answers: https://www.dumps-hub.com/312-39-dumps.html (100 New Questions)