EC-Council Certified SOC Analyst (CSA) 312-39 Real Questions

test2022-08-04T07:16:22+00:00

By test 312-39 free dumps, 312-39 practice exam, 312-39 questions and answers, Certified SOC Analyst (CSA), EC-Council Certified SOC Analyst (CSA) 312-39 Real Questions 0 Comments

The best way to pass your EC-Council 312-39 exam can be found here. EC-Council Certified SOC Analyst (CSA) 312-39 Real Questions from FreeTestShare are the greatest way to ensure your success in only one sitting. By practicing with our 312-39 questions and answers, you will be able to easily answer all the questions. Practice mock exams with our 312-39 Real Questions to improve your abilities and overcome your fear of failing the exam.Our EC-Council Certified SOC Analyst (CSA) 312-39 Real Questions are the most dependable, accurate, and useful study content that will save you time and money.

Take a free 312-39 practice test to help you prepare for the exam.

Page 1 of 3

1. According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

High

Extreme

Low

Medium

2. Identify the HTTP status codes that represents the server error.

2XX

4XX

1XX

5XX

3. An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company’s URL as follows:

http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>. Identify the attack demonstrated in the above scenario.

Cross-site Scripting Attack

SQL Injection Attack

Denial-of-Service Attack

Session Attack

4. What is the process of monitoring and capturing all data packets passing through a given network using different tools?

Network Scanning

DNS Footprinting

Network Sniffing

Port Scanning

5. Which of the following attack can be eradicated by using a safe API to avoid the use of the interpreter entirely?

Command Injection Attacks

SQL Injection Attacks

File Injection Attacks

LDAP Injection Attacks

6. Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

Rule-based detection

Heuristic-based detection

Anomaly-based detection

Signature-based detection

7. Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.

What would be her next action according to the SOC workflow?

She should immediately escalate this issue to the management

She should immediately contact the network administrator to solve the problem

She should communicate this incident to the media immediately

She should formally raise a ticket and forward it to the IRT

8. Which of the following Windows event is logged every time when a user tries to access the "Registry" key?

4656

4663

4660

4657

9. Which of the log storage method arranges event logs in the form of a circular buffer?

FIFO

LIFO

non-wrapping

wrapping

10. Which of the following attack can be eradicated by filtering improper XML syntax?

CAPTCHA Attacks

SQL Injection Attacks

Insufficient Logging and Monitoring Attacks

Web Services Attacks

Page 2 of 3

11. Identify the type of attack, an attacker is attempting on www.example.com website.

Cross-site Scripting Attack

Session Attack

Denial-of-Service Attack

SQL Injection Attack

12. Which of the following is a default directory in a Mac OS X that stores security-related logs?

/private/var/log

/Library/Logs/Sync

/var/log/cups/access_log

~/Library/Logs

13. Which encoding replaces unusual ASCII characters with "%" followed by the character’s two-digit ASCII code expressed in hexadecimal?

Unicode Encoding

UTF Encoding

Base64 Encoding

URL Encoding

14. Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

Hybrid Attack

Bruteforce Attack

Rainbow Table Attack

Birthday Attack

15. Which of the following factors determine the choice of SIEM architecture?

SMTP Configuration

DHCP Configuration

DNS Configuration

Network Topology

16. Which of the following is a Threat Intelligence Platform?

SolarWinds MS

TC Complete

Keepnote

Apility.io

17. Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

Containment C> Incident Recording C> Incident Triage C> Preparation C> Recovery C> Eradication C> Post-Incident Activities

Preparation C> Incident Recording C> Incident Triage C> Containment C> Eradication C> Recovery C> Post-Incident Activities

Incident Triage C> Eradication C> Containment C> Incident Recording C> Preparation C> Recovery C> Post-Incident Activities

Incident Recording C> Preparation C> Containment C> Incident Triage C> Recovery C> Eradication C> Post-Incident Activities

18. Which of the following attack inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?

DHCP Starvation Attacks

DHCP Spoofing Attack

DHCP Port Stealing

DHCP Cache Poisoning

19. Which of the following tool can be used to filter web requests associated with the SQL Injection attack?

Nmap

UrlScan

ZAP proxy

Hydra

20. According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

Create a Chain of Custody Document

Send it to the nearby police station

Set a Forensic lab

Call Organizational Disciplinary Team

Page 3 of 3

21. Bonney's system has been compromised by a gruesome malware.

What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

Complaint to police in a formal way regarding the incident

Turn off the infected machine

Leave it to the network administrators to handle

Call the legal department in the organization and inform about the incident

22. Which of the following formula represents the risk levels?

Level of risk = Consequence × Severity

Level of risk = Consequence × Impact

Level of risk = Consequence × Likelihood

Level of risk = Consequence × Asset Value

23. What type of event is recorded when an application driver loads successfully in Windows?

Error

Success Audit

Warning

Information

24. What does [-n] in the following checkpoint firewall log syntax represents?

fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

Speed up the process by not performing IP addresses DNS resolution in the Log files

Display both the date and the time for each log record

Display account log records only

Display detailed log chains (all the log segments a log record consists of)

25. Which of the following attack can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and forums?

Broken Access Control Attacks

Web Services Attacks

XSS Attacks

Session Management Attacks