This page was exported from Valid Premium Exam [ http://premium.validexam.com ]
Export date: Mon Feb 24 18:39:27 2025 / +0000 GMT
___________________________________________________
Title: [Q56-Q74] Updated Aug-2024 Exam Engine or PDF for the EC-COUNCIL 312-39 test to help you quickly prepare for the EC-COUNCIL exam!
---------------------------------------------------
Full 312-39 Practice Test and 102 unique questions with explanations waiting just for you, get it now!

QUESTION 56
Which of the following Windows features is used to enable Security Auditing in Windows?
* Bitlocker
* Windows Firewall
* Local Group Policy Editor
* Windows Defender

QUESTION 57
What do the HTTP status codes 1XX represent?
* Informational message
* Client error
* Success
* Redirection

The HTTP status codes in the 1XX range represent informational messages. These are provisional responses indicating that the initial part of a request has been received and has not yet been rejected by the server. The server is informing the client that it has received the request header and that the client should continue sending the request body if it has not already done so. These status codes provide an interim response to the client while the server processes the full request.

References: The EC-Council's Certified SOC Analyst (C|SA) program includes the study of HTTP status codes as part of understanding web server logs and troubleshooting web server issues. The informational responses (1XX status codes) are covered in the curriculum and can be found in the official EC-Council SOC Analyst study guides and courses.
The information is also consistent with the standard definitions provided by the Internet Engineering Task Force (IETF) in RFC 9110, as well as other reputable sources such as MDN Web Docs and Wikipedia.

QUESTION 58
Jony, a security analyst, while monitoring IIS logs, identified the events shown in the figure below. What does this event log indicate?
* Parameter Tampering Attack
* XSS Attack
* Directory Traversal Attack
* SQL Injection Attack

QUESTION 59
Rinni, a SOC analyst, while monitoring IDS logs, detected the events shown in the figure below. What does this event log indicate?
* Directory Traversal Attack
* XSS Attack
* SQL Injection Attack
* Parameter Tampering Attack

QUESTION 60
Which of the following is the correct order of the stages in an incident handling and response (IH&R) process?
* Containment -> Incident Recording -> Incident Triage -> Preparation -> Recovery -> Eradication -> Post-Incident Activities
* Preparation -> Incident Recording -> Incident Triage -> Containment -> Eradication -> Recovery -> Post-Incident Activities
* Incident Triage -> Eradication -> Containment -> Incident Recording -> Preparation -> Recovery -> Post-Incident Activities
* Incident Recording -> Preparation -> Containment -> Incident Triage -> Recovery -> Eradication -> Post-Incident Activities

QUESTION 61
What type of event is recorded when an application driver loads successfully in Windows?
* Error
* Success Audit
* Warning
* Information

QUESTION 62
Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?
* Unicode Encoding
* UTF Encoding
* Base64 Encoding
* URL Encoding

QUESTION 63
An organization wants to implement a SIEM deployment architecture. However, it only has the capability to do log collection; the rest of the SIEM functions must be managed by an MSSP. Which SIEM deployment architecture will the organization adopt?
* Cloud, MSSP Managed
* Self-hosted, Jointly Managed
* Self-hosted, MSSP Managed
* Self-hosted, Self-Managed

QUESTION 64
Which attack works like a dictionary attack, but adds numbers and symbols to the words from the dictionary and tries to crack the password?
* Hybrid Attack
* Bruteforce Attack
* Rainbow Table Attack
* Birthday Attack

QUESTION 65
Mike is an incident handler for PNP Infosystems Inc. One day, a ticket was raised regarding a critical incident and Mike was assigned to handle it. During the incident handling process, at one stage, he performed incident analysis and validation to check whether the incident is a true incident or a false positive. Identify the stage he is currently in.
* Post-Incident Activities
* Incident Recording and Assignment
* Incident Triage
* Incident Disclosure

QUESTION 66
Which of the following types of threat intelligence helps cyber security professionals such as security operations managers, network operations center staff and incident responders to understand how adversaries are expected to perform an attack on the organization, along with the attackers' technical capabilities, goals and attack vectors?
* Analytical Threat Intelligence
* Operational Threat Intelligence
* Strategic Threat Intelligence
* Tactical Threat Intelligence

QUESTION 67
If the SIEM generates the following four alerts at the same time:
I. Firewall blocking traffic from getting into the network alerts
II. SQL injection attempt alerts
III. Data deletion attempt alerts
IV. Brute-force attempt alerts
Which alert should be given least priority as per effective alert triaging?
* III
* IV
* II
* I

In the context of alert triaging within a Security Operations Center (SOC), the priority of alerts is typically determined by the potential impact and urgency of the threat they represent.
* Firewall blocking traffic alerts indicate that the firewall is effectively doing its job by blocking unwanted traffic.
While it's important to review these alerts to ensure legitimate traffic isn't being blocked, they generally represent a lower priority because the immediate threat has been mitigated by the firewall.
* SQL injection attempt alerts are of high priority because they indicate an active attempt to exploit a security vulnerability in order to manipulate or steal data.
* Data deletion attempt alerts also carry high priority, as they could signify an attempt to remove or corrupt critical data, which could have a significant impact on the availability and integrity of data.
* Brute-force attempt alerts are important, as they may indicate an ongoing attempt to gain unauthorized access to systems. However, if the attempts are being blocked, these alerts may be of slightly lower priority compared to an active exploit attempt such as SQL injection.
Given these considerations, the alert for the firewall blocking traffic would generally be given the least priority, as it indicates a threat that has already been contained.

References: The EC-Council's Certified SOC Analyst (CSA) program covers the fundamentals of SOC operations, including the management of alerts and the triaging process. The program emphasizes the importance of prioritizing alerts based on the severity and potential impact of the threat. For more detailed information, the EC-Council's official CSA study guides and courses should be consulted. These resources provide in-depth knowledge on how to effectively manage and prioritize alerts in a SOC environment.

QUESTION 68
Jane, a security analyst, while analyzing IDS logs, detected an event matching the regex /((%3C)|<)((%69)|i|(%49))((%6D)|m|(%4D))((%67)|g|(%47))[^\n]+((%3E)|>)/I. What does this event log indicate?
* Directory Traversal Attack
* Parameter Tampering Attack
* XSS Attack
* SQL Injection Attack

QUESTION 69
Bonney's system has been compromised by a gruesome malware. What is the primary step advisable for Bonney in order to contain the malware incident and prevent it from spreading?
* Complain to the police in a formal way regarding the incident
* Turn off the infected machine
* Leave it to the network administrators to handle
* Call the legal department in the organization and inform them about the incident

The primary step in containing a malware incident is to isolate the infected machine to prevent the malware from spreading to other systems. This can be done by disconnecting it from the network and turning it off. This action helps contain the incident and allows for a proper investigation without the risk of further infection or data loss.

References: The EC-Council's Certified SOC Analyst (CSA) program emphasizes the importance of a quick response to security incidents, including malware infections. The training includes understanding security threats, attacks, vulnerabilities, and the appropriate responses to such incidents. The CSA program also covers the procedures for incident response, including containment strategies for incidents like malware outbreaks.

QUESTION 70
Which of the following log storage methods arranges event logs in the form of a circular buffer?
* FIFO
* LIFO
* non-wrapping
* wrapping

QUESTION 71
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5 – 11008: User ‘enable_15’ executed the ‘configure term’ command
What does the security level in the above log indicate?
* Warning condition message
* Critical condition message
* Normal but significant message
* Informational message

QUESTION 72
Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network?
* Egress Filtering
* Throttling
* Rate Limiting
* Ingress Filtering

QUESTION 73
According to the Risk Matrix table, what will the risk level be when the probability of an attack is very low and the impact of that attack is major?
* High
* Extreme
* Low
* Medium

QUESTION 74
Which of the following data sources will a SOC Analyst use to monitor connections to insecure ports?
* Netstat Data
* DNS Data
* IIS Data
* DHCP Data

A SOC Analyst would use Netstat Data to monitor connections to insecure ports. Netstat, which stands for network statistics, is a command-line tool that displays incoming and outgoing network connections (both TCP and UDP), routing tables, and a number of network interface and network protocol statistics. It is available on various operating systems, including Windows, Linux, and Unix, and is used for finding problems in the network and for determining the amount of traffic on the network as a performance measurement.

References: The use of Netstat for monitoring network connections is a common practice and is covered in EC-Council's SOC Analyst curriculum, which provides foundational knowledge for security operations center (SOC) team members on various tools and techniques for monitoring and analyzing network traffic. Additionally, Netstat's capabilities are well documented in various technical resources that detail its usage for security analysis purposes.

Full 312-39 Practice Test and 102 unique questions with explanations waiting just for you, get it now: https://www.validexam.com/312-39-latest-dumps.html
---------------------------------------------------
Post date: 2024-08-01 14:34:06 GMT