[Feb 01, 2024] Fully Updated Dumps PDF - Latest 312-39 Exam Questions and Answers [Q32-Q53]


100% Free 312-39 Exam Dumps to Pass Exam Easily from ActualPDF

NEW QUESTION # 32
What type of event is recorded when an application driver loads successfully in Windows?

  • A. Success Audit
  • B. Warning
  • C. Error
  • D. Information

Answer: D


NEW QUESTION # 33
Which of the following stages is executed after identifying the required event sources?

  • A. Implementing and Testing the Use Case
  • B. Validating the event source against monitoring requirement
  • C. Defining Rule for the Use Case
  • D. Identifying the monitoring Requirements

Answer: B


NEW QUESTION # 34
What does Windows event ID 4740 indicate?

  • A. A user account was disabled.
  • B. A user account was created.
  • C. A user account was locked out.
  • D. A user account was enabled.

Answer: C


NEW QUESTION # 35
Bonney's system has been compromised by malware.
What is the primary step advisable to Bonney in order to contain the malware incident and stop it from spreading?

  • A. Complaint to police in a formal way regarding the incident
  • B. Leave it to the network administrators to handle
  • C. Call the legal department in the organization and inform about the incident
  • D. Turn off the infected machine

Answer: D


NEW QUESTION # 36
Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating the file /var/log/wtmp.
What is Chloe looking at?

  • A. Error log
  • B. Login records
  • C. General message and system-related stuff
  • D. System boot log

Answer: B


NEW QUESTION # 37
John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log entry matching the regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.
What does this event log indicate?

  • A. Directory Traversal Attack
  • B. XSS Attack
  • C. Parameter Tampering Attack
  • D. SQL injection Attack

Answer: B


NEW QUESTION # 38
John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log entry matching the regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.
What does this event log indicate?

  • A. XSS Attack
  • B. Directory Traversal Attack
  • C. Parameter Tampering Attack
  • D. SQL injection Attack

Answer: B


NEW QUESTION # 39
Which of the following are the responsibilities of SIEM Agents?
1. Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2. Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3. Correlating data received from various devices sending data to SIEM before forwarding it to the central engine.
4. Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

  • A. 2 and 3
  • B. 1 and 4
  • C. 1 and 2
  • D. 3 and 1

Answer: B


NEW QUESTION # 40
Which of the following attacks can be eradicated by using a safe API that avoids the use of the interpreter entirely?

  • A. File Injection Attacks
  • B. LDAP Injection Attacks
  • C. SQL Injection Attacks
  • D. Command Injection Attacks

Answer: C


NEW QUESTION # 41
Identify the type of attack an attacker is attempting on the www.example.com website.

  • A. Session Attack
  • B. Denial-of-Service Attack
  • C. SQL Injection Attack
  • D. Cross-site Scripting Attack

Answer: D


NEW QUESTION # 42
Which of the following attacks causes sudden changes in file extensions or a rapid increase in file renames?

  • A. DHCP starvation Attack
  • B. Ransomware Attack
  • C. File Injection Attack
  • D. DoS Attack

Answer: B


NEW QUESTION # 43
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

  • A. %SystemDrive%\inetpub\LogFiles\logs\W3SVCN
  • B. %SystemDrive%\LogFiles\inetpub\logs\W3SVCN
  • C. %SystemDrive%\inetpub\logs\LogFiles\W3SVCN
  • D. %SystemDrive%\LogFiles\logs\W3SVCN

Answer: B


NEW QUESTION # 44
In which log collection mechanism does the system or application send log records either to the local disk or over the network?

  • A. signature-based
  • B. pull-based
  • C. push-based
  • D. rule-based

Answer: C


NEW QUESTION # 45
Which of the following formulas represents risk?

  • A. Risk = Likelihood * Impact * Asset Value
  • B. Risk = Likelihood * Severity * Asset Value
  • C. Risk = Likelihood * Consequence * Severity
  • D. Risk = Likelihood * Impact * Severity

Answer: C


NEW QUESTION # 46
Which of the following factors determines the choice of SIEM architecture?

  • A. DNS Configuration
  • B. DHCP Configuration
  • C. SMTP Configuration
  • D. Network Topology

Answer: A


NEW QUESTION # 47
Which of the following is a report writing tool that helps incident handlers generate efficient reports on detected incidents during the incident response process?

  • A. MagicTree
  • B. IntelMQ
  • C. threat_note
  • D. Malstrom

Answer: B


NEW QUESTION # 48
What is the correct sequence of the SOC workflow?

  • A. Collect, Respond, Validate, Ingest, Report, Document
  • B. Collect, Ingest, Document, Validate, Report, Respond
  • C. Collect, Ingest, Validate, Report, Respond, Document
  • D. Collect, Ingest, Validate, Document, Report, Respond

Answer: D


NEW QUESTION # 49
Which of the following commands is used to enable logging in iptables?

  • A. $ iptables -B OUTPUT -j LOG
  • B. $ iptables -B INPUT -j LOG
  • C. $ iptables -A OUTPUT -j LOG
  • D. $ iptables -A INPUT -j LOG

Answer: C


NEW QUESTION # 50
David is a SOC analyst at Karen Tech. One day an attack was initiated by intruders, but David was not able to find any suspicious events.
Into which type of incident is this categorized?

  • A. False Negative Incidents
  • B. False positive Incidents
  • C. True Positive Incidents
  • D. True Negative Incidents

Answer: D


NEW QUESTION # 51
Identify the attack in which an attacker tries to discover all possible information about a target network before launching a further attack.

  • A. Ransomware Attack
  • B. Reconnaissance Attack
  • C. Man-in-the-Middle Attack
  • D. DoS Attack

Answer: B


NEW QUESTION # 52
Which of the following can help you eliminate the burden of investigating false positives?

  • A. Keeping default rules
  • B. Ingesting the context data
  • C. Treating every alert as high level
  • D. Not trusting the security devices

Answer: A


NEW QUESTION # 53
......

Free 312-39 Exam Questions 312-39 Actual Free Exam Questions: https://testinsides.actualpdf.com/312-39-real-questions.html