312-39 Exam Questions

Sarah, a financial analyst at a multinational corporation, is suspected of leaking sensitive financial data to an unauthorized external party. The SOC team observed anomalous data...

A SOC team at a major financial institution detects unauthorized access attempts on its web application. Logs indicate the web application is compromised. To determine the exact at...

In a large corporation, the HR department receives an urgent email from someone impersonating a high-level executive, requesting immediate transfer of sensitive employee data. The...

A healthcare organization's SIEM detects unusual HTTP requests targeting its patient portal. The requests originate from a foreign IP address and occur during non-business hours. T...

A security analyst in a multinational corporation's Threat Intelligence team is tasked with enhancing detection of stealthy malware infections. During an investigation, the analyst...

The SOC analyst at a national cybersecurity agency detected unusual system behavior on critical infrastructure servers. Initial scans flagged potential malware activity. Due to the...

SecureTech Solutions, a managed security service provider (MSSP), is optimizing its log management architecture to enhance log storage, retrieval, and analysis efficiency. The SOC...

A large financial services company has experienced increasing sophisticated threats targeting critical assets. The SOC primarily focuses on log collection and basic monitoring, but...

A SOC analyst monitoring authentication logs detects a sudden and significant spike in failed login attempts targeting multiple critical servers during non-business hours. These re...

A SOC analyst detects multiple instances of powershell.exe being launched with the -ExecutionPolicy Bypass and -NoProfile arguments on a domain controller. The parent process is wi...

A major financial institution has strict policies preventing unauthorized data transfers. As a SOC analyst, during routine log analysis you detect an anomaly: an employee workstati...

A large financial institution receives thousands of security logs daily from firewalls, IDS systems, and user authentication platforms. The SOC uses an AI-driven SIEM system with N...

Jackson & Co., a mid-sized law firm, is concerned about web-based cyber threats. The IT team implements a solution that serves as an intermediary for all HTTP and HTTPS requests. T...

A financial services company implements a SIEM solution to enhance cybersecurity. Despite deployment, it fails to detect known attacks or suspicious activities. Although reports ar...

During a routine security audit, analysts discover several web servers still use a vulnerable third- party library flagged for a zero-day exploit. The vulnerability was identified...

At 10:30 AM, during routine monitoring, Tier 1 SOC analyst Jennifer detects unusual network traffic and confirms an active LockBit ransomware infection targeting systems in the fin...

You are a SOC analyst at a leading financial institution tasked with developing a comprehensive threat model to safeguard critical assets: sensitive customer data, online banking a...

A security team is configuring a newly deployed SIEM system. With limited resources, they must prioritize monitoring scenarios that provide the greatest security benefit. The team...

The SOC team at GlobalTech has finished patching a critical vulnerability exploited during a ransomware attack. The team is now restoring 2.3 TB of encrypted data from their Veeam...

A large financial organization has experienced an increase in sophisticated cyber threats, including zero-day attacks and APTs. Traditional detection relies heavily on signatures a...

A SOC analyst monitors network traffic to detect potential data exfiltration. The team uses a security solution that inspects data packets in real time as they traverse the network...

SecureTech Inc. operates critical infrastructure and applications in AWS. The SOC detects suspicious activities such as unexpected API calls, unusual outbound traffic from instance...

At 9:15 AM EST, Marcus Wong, a financial operations analyst, contacts the SOC after noticing Excel spreadsheets automatically encrypting with unusual file extensions (e.g., .locked...

NationalHealth, a government agency responsible for managing sensitive patient health records, is subject to strict data sovereignty regulations requiring all data to be stored and...

Katie is a SOC analyst at an international financial corporation. Her team needs functionality so the system continuously scans logs for anomalies, identifies suspicious activities...

The team receives an alert about a ransomware incident affecting the organization's email infrastructure. Forensic analysis identifies the ransomware exploited CVE-2024-0123 in an...

Global Solutions Inc. uses syslog for centralized logging across a geographically diverse network. The SOC team must ensure logs are reliably delivered from remote sites to the cen...

A mid-sized financial institution's SOC is overwhelmed by thousands of daily alerts, many based on Indicators of Compromise (IoCs) such as suspicious IPs, hashes, and domains. Thes...

DNS logs in the SIEM show an internal host sending many DNS queries with long, encoded subdomains to an external domain. The queries predominantly use TXT records and occur during...

A government agency needs to monitor its network for unusual data exfiltration attempts. Traditional log data is insufficient to identify traffic anomalies, so the SIEM team integr...

Sarah Chen works as a security analyst at Midwest Financial. At 2:00 AM, the SOC detects unusual data exfiltration patterns and evidence of lateral movement across multiple servers...

Global Bank relies heavily on Microsoft Azure to host critical banking applications and services. The SOC must ensure continuous monitoring, compliance, and real-time threat detect...

Sarah Chen is a Level 1 SOC analyst at Centex Healthcare. The SOC detected a potential data breach involving unauthorized access to patient records. Multiple departments need const...

CyberBank has experienced phishing, insider threats, and attempted data breaches targeting customer financial records. The bank operates across multiple regions and needs a solutio...

A newly hired SOC analyst at a fast-growing multinational organization must quickly assess the company's external exposure and identify potential security risks. Techniques conside...

James Rodriguez has recently taken over as the lead SOC manager at GlobalTech Dynamics. The team is deploying a $2M SOC facility, creating incident response playbooks, running tabl...

A SOC team is implementing a threat intelligence strategy to proactively defend against threats. The CISO emphasizes that collecting data is not enough; the team must allocate pers...

A multinational corporation with strict regulatory requirements (e.g., GDPR, PCI-DSS) needs a SIEM solution to monitor its global network. Data residency laws in certain regions pr...

A manufacturing company is deploying a SIEM system and wants to improve both security monitoring and regulatory compliance. During planning, the team uses an output-driven approach...

The SOC team at a national cybersecurity agency detects anomalous network traffic from a sensitive government server and escalates to forensics. The forensic team discovers a troja...

You are a Threat Hunter at a law firm that suffered a data breach where confidential documents were leaked. Using the Cyber Kill Chain framework, you trace the attacker's steps: th...

A manufacturing company is deploying a SIEM system and uses an output-driven approach, starting with use cases addressing unauthorized access to production control systems. They co...

David Reynolds, a SOC analyst at a healthcare organization, is investigating suspicious login attempts flagged by the SIEM. To mitigate brute-force risk on targeted endpoints, he c...

TechInnovate receives an alert about a newly discovered zero-day vulnerability in a widely used web application framework that is being actively exploited. No official patch is ava...

Mark Reynolds, a SOC analyst at a global financial institution, is working on the eradication phase after detecting phishing attacks targeting employees. To ensure attackers cannot...

A health corporation is implementing a SIEM solution to improve detection and response and comply with HIPAA requirements. They need the SIEM to efficiently collect, analyze, and c...

Pearl is a Level 1 SOC analyst at a global financial institution using SQL Server to store sensitive customer information. She investigates an alert showing multiple failed web app...

A SOC team notices malware-related incidents increased over the past six months, primarily targeting endpoints through phishing campaigns. They need to present a report to security...

Bonney's system has been compromised by a gruesome malware. What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

According to the forensics investigation process, what is the next step carried out right after collecting the evidence?