312-39 PDF Dumps Aug 21, 2022 Recently Updated Questions [Q60-Q83]

Share

312-39 PDF Dumps | Aug 21, 2022 Recently Updated Questions

312-39 Exam Questions – Valid 312-39 Dumps Pdf


The EC-Council 312-39 exam is designed to evaluate and validate the extensive knowledge and skills of the candidates in the job tasks associated with the SOC Analyst role. This test is the first step towards becoming an active player in the security operations center. The potential individuals for the exam demonstrate the in-demand and trending technical skills in carrying out the entry-level and mid-level operations. The students will be measured based on their expertise in log correlation and management, advanced incident detection, SIEM deployment, incident detection, incident response, and management of different SOC processes.

 

NEW QUESTION 60
What does the HTTP status codes 1XX represents?

  • A. Success
  • B. Client error
  • C. Redirection
  • D. Informational message

Answer: D

 

NEW QUESTION 61
Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage in which he is currently in.

  • A. Incident Disclosure
  • B. Incident Recording and Assignment
  • C. Post-Incident Activities
  • D. Incident Triage

Answer: D

Explanation:

 

NEW QUESTION 62
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

  • A. Turn off the infected machine
  • B. Complaint to police in a formal way regarding the incident
  • C. Leave it to the network administrators to handle
  • D. Call the legal department in the organization and inform about the incident

Answer: A

 

NEW QUESTION 63
What is the process of monitoring and capturing all data packets passing through a given network using different tools?

  • A. Network Sniffing
  • B. Network Scanning
  • C. DNS Footprinting
  • D. Port Scanning

Answer: A

 

NEW QUESTION 64
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?

  • A. Cloud, MSSP Managed
  • B. Self-hosted, Jointly Managed
  • C. Self-hosted, MSSP Managed
  • D. Self-hosted, Self-Managed

Answer: C

 

NEW QUESTION 65
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

  • A. Incident Recording -> Preparation -> Containment -> Incident Triage -> Recovery -> Eradication -> Post-Incident Activities
  • B. Containment -> Incident Recording -> Incident Triage -> Preparation -> Recovery -> Eradication -> Post-Incident Activities
  • C. Incident Triage -> Eradication -> Containment -> Incident Recording -> Preparation -> Recovery -> Post-Incident Activities
  • D. Preparation -> Incident Recording -> Incident Triage -> Containment -> Eradication -> Recovery -> Post-Incident Activities

Answer: D

 

NEW QUESTION 66
The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk.
What kind of threat intelligence described above?

  • A. Tactical Threat Intelligence
  • B. Functional Threat Intelligence
  • C. Operational Threat Intelligence
  • D. Strategic Threat Intelligence

Answer: D

 

NEW QUESTION 67
Which of the following is a Threat Intelligence Platform?

  • A. TC Complete
  • B. Keepnote
  • C. Apility.io
  • D. SolarWinds MS

Answer: A

Explanation:

 

NEW QUESTION 68
Which of the following attack can be eradicated by using a safe API to avoid the use of the interpreter entirely?

  • A. SQL Injection Attacks
  • B. Command Injection Attacks
  • C. LDAP Injection Attacks
  • D. File Injection Attacks

Answer: B

Explanation:

 

NEW QUESTION 69
Which of the following directory will contain logs related to printer access?

  • A. /var/log/cups/access_log file
  • B. /var/log/cups/Printeraccess_log file
  • C. /var/log/cups/accesslog file
  • D. /var/log/cups/Printer_log file

Answer: D

 

NEW QUESTION 70
Identify the attack when an attacker by several trial and error can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd

  • A. Denial-of-Service Attack
  • B. Directory Traversal Attack
  • C. Form Tampering Attack
  • D. SQL Injection Attack

Answer: B

Explanation:

 

NEW QUESTION 71
What does [-n] in the following checkpoint firewall log syntax represents?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

  • A. Display account log records only
  • B. Speed up the process by not performing IP addresses DNS resolution in the Log files
  • C. Display both the date and the time for each log record
  • D. Display detailed log chains (all the log segments a log record consists of)

Answer: B

 

NEW QUESTION 72
Which of the following command is used to enable logging in iptables?

  • A. $ iptables -B INPUT -j LOG
  • B. $ iptables -A OUTPUT -j LOG
  • C. $ iptables -A INPUT -j LOG
  • D. $ iptables -B OUTPUT -j LOG

Answer: C

Explanation:

 

NEW QUESTION 73
What does the Security Log Event ID 4624 of Windows 10 indicate?

  • A. New process executed
  • B. An account was successfully logged on
  • C. A share was assessed
  • D. Service added to the endpoint

Answer: B

 

NEW QUESTION 74
David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events.
This type of incident is categorized into?

  • A. False Negative Incidents
  • B. True Positive Incidents
  • C. True Negative Incidents
  • D. False positive Incidents

Answer: A

Explanation:

 

NEW QUESTION 75
Which of the following formula represents the risk?

  • A. Risk = Likelihood * Consequence * Severity
  • B. Risk = Likelihood * Impact * Asset Value
  • C. Risk = Likelihood * Impact * Severity
  • D. Risk = Likelihood * Severity * Asset Value

Answer: B

Explanation:

 

NEW QUESTION 76
Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\%3C)|<)((\%69)|i|(\%
49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?

  • A. SQL Injection Attack
  • B. XSS Attack
  • C. Directory Traversal Attack
  • D. Parameter Tampering Attack

Answer: B

 

NEW QUESTION 77
What does HTTPS Status code 403 represents?

  • A. Internal Server Error
  • B. Not Found Error
  • C. Unauthorized Error
  • D. Forbidden Error

Answer: D

 

NEW QUESTION 78
Which of the following factors determine the choice of SIEM architecture?

  • A. DNS Configuration
  • B. Network Topology
  • C. SMTP Configuration
  • D. DHCP Configuration

Answer: A

 

NEW QUESTION 79
Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs.
What does these TTPs refer to?

  • A. Tactics, Targets, and Process
  • B. Tactics, Techniques, and Procedures
  • C. Tactics, Threats, and Procedures
  • D. Targets, Threats, and Process

Answer: B

 

NEW QUESTION 80
Which of the following command is used to enable logging in iptables?

  • A. $ iptables -A INPUT -j LOG
  • B. $ iptables -B INPUT -j LOG
  • C. $ iptables -A OUTPUT -j LOG
  • D. $ iptables -B OUTPUT -j LOG

Answer: C

 

NEW QUESTION 81
David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events.
This type of incident is categorized into?

  • A. False Negative Incidents
  • B. True Negative Incidents
  • C. True Positive Incidents
  • D. False positive Incidents

Answer: B

 

NEW QUESTION 82
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?
NOTE: It is mandatory to answer the question before proceeding to the next one.

  • A. Low
  • B. Medium
  • C. Extreme
  • D. High

Answer: D

 

NEW QUESTION 83
......

312-39 dumps Sure Practice with 102 Questions: https://www.validtorrent.com/312-39-valid-exam-torrent.html

312-39 Practice Test Questions Answers Updated 102 Questions: https://drive.google.com/open?id=1lf4FmYuMAVnAqPvfIWdHO5ZtQfPL6hqH