Get Ready to Pass the 312-39 exam Right Now Using Our EC-COUNCIL CSA Exam Package
NEW QUESTION # 19
Which of the following formulas represents the level of risk?
- A. Level of risk = Consequence * Asset Value
- B. Level of risk = Consequence * Severity
- C. Level of risk = Consequence * Likelihood
- D. Level of risk = Consequence * Impact
Answer: C
NEW QUESTION # 20
What is the correct sequence of the SOC workflow?
- A. Collect, Ingest, Validate, Report, Respond, Document
- B. Collect, Ingest, Validate, Document, Report, Respond
- C. Collect, Respond, Validate, Ingest, Report, Document
- D. Collect, Ingest, Document, Validate, Report, Respond
Answer: B
NEW QUESTION # 21
Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?
- A. Planning and budgeting -> Forensics lab licensing -> Physical location and structural design considerations -> Work area considerations -> Physical security recommendations -> Human resource considerations
- B. Planning and budgeting -> Physical location and structural design considerations -> Forensics lab licensing -> Human resource considerations -> Work area considerations -> Physical security recommendations
- C. Planning and budgeting -> Physical location and structural design considerations -> Forensics lab licensing -> Work area considerations -> Human resource considerations -> Physical security recommendations
- D. Planning and budgeting -> Physical location and structural design considerations -> Work area considerations -> Human resource considerations -> Physical security recommendations -> Forensics lab licensing
Answer: D
NEW QUESTION # 22
Which of the following data sources will a SOC analyst use to monitor connections to insecure ports?
- A. IIS Data
- B. Netstat Data
- C. DNS Data
- D. DHCP Data
Answer: B
NEW QUESTION # 23
Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file?
- A. URL Injection Attacks
- B. Command Injection Attacks
- C. LDAP Injection Attacks
- D. File Injection Attacks
Answer: A
NEW QUESTION # 24
Daniel is a member of an IRT, which was started recently in a company named Mesh Tech. He wanted to find the purpose and scope of the planned incident response capabilities.
What is he looking for?
- A. Incident Response Mission
- B. Incident Response Resources
- C. Incident Response Vision
- D. Incident Response Intelligence
Answer: B
NEW QUESTION # 25
Cyber threat intelligence, properly applied, helps the SOC team discover TTPs.
What do these TTPs refer to?
- A. Tactics, Targets, and Process
- B. Tactics, Threats, and Procedures
- C. Targets, Threats, and Process
- D. Tactics, Techniques, and Procedures
Answer: D
NEW QUESTION # 26
Which of the following Windows events is logged every time a user tries to access the "Registry" key?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION # 27
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations from which the Tor traffic is coming.
Which of the following data sources will he use to prepare the dashboard?
- A. IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.
- B. DNS/Web Server logs with IP addresses.
- C. DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.
- D. Apache/Web Server logs with IP addresses and Host Name.
Answer: C
NEW QUESTION # 28
In which of the following incident handling and response stages must the root cause of the incident be found from the forensic results?
- A. Evidence Gathering
- B. Systems Recovery
- C. Evidence Handling
- D. Eradication
Answer: A
NEW QUESTION # 29
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?
- A. %SystemDrive%\LogFiles\inetpub\logs\W3SVCN
- B. %SystemDrive%\inetpub\LogFiles\logs\W3SVCN
- C. %SystemDrive%\inetpub\logs\LogFiles\W3SVCN
- D. %SystemDrive%\LogFiles\logs\W3SVCN
Answer: A
NEW QUESTION # 30
Rinni, a SOC analyst, detected the events shown in the figure below while monitoring IDS logs.
What does this event log indicate?
- A. Parameter Tampering Attack
- B. Directory Traversal Attack
- C. XSS Attack
- D. SQL Injection Attack
Answer: A
NEW QUESTION # 31
Jony, a security analyst, identified the events shown in the figure below while monitoring IIS logs.
What does this event log indicate?
- A. Directory Traversal Attack
- B. SQL Injection Attack
- C. XSS Attack
- D. Parameter Tampering Attack
Answer: B
NEW QUESTION # 32
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
- A. Rule-based detection
- B. Signature-based detection
- C. Heuristic-based detection
- D. Anomaly-based detection
Answer: D
NEW QUESTION # 33
Identify the attack in which an attacker, through trial and error, can read the contents of a password file in the restricted etc folder just by manipulating the URL in the browser, as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd
- A. Directory Traversal Attack
- B. Denial-of-Service Attack
- C. SQL Injection Attack
- D. Form Tampering Attack
Answer: C
NEW QUESTION # 34
Which of the following factors determines the choice of SIEM architecture?
- A. DHCP Configuration
- B. SMTP Configuration
- C. DNS Configuration
- D. Network Topology
Answer: D
NEW QUESTION # 35
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
- A. Session Fixation Attack
- B. Denial-of-Service Attack
- C. SQL Injection Attack
- D. Parameter Tampering Attack
Answer: A
NEW QUESTION # 36
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?
- A. Low
- B. Medium
- C. High
- D. Extreme
Answer: C
NEW QUESTION # 37
A type of threat intelligence that finds out information about the attacker by misleading them is known as ________.
- A. Threat trending Intelligence
- B. Counter Intelligence
- C. Operational Intelligence
- D. Detection Threat Intelligence
Answer: B
NEW QUESTION # 38
What does Windows event ID 4740 indicate?
- A. A user account was enabled.
- B. A user account was locked out.
- C. A user account was disabled.
- D. A user account was created.
Answer: B
NEW QUESTION # 39
Which of the following attacks inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?
- A. DHCP Starvation Attacks
- B. DHCP Port Stealing
- C. DHCP Spoofing Attack
- D. DHCP Cache Poisoning
Answer: A

