312-39 Exam Questions
194 real 312-39 exam questions with expert-verified answers and explanations. Page 3 of 4.
- Question #103
Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?
- Question #104
Which of the following directories will contain logs related to printer access?
- Question #105
Which of the following commands is used to enable logging in iptables?
- Question #106
Ray is a SOC analyst in a company named Queens Tech. One day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to pro...
- Question #107
Identify the attack in which an attacker, by trial and error, can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the br...
- Question #108
Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?
- Question #109
Which of the following formulas represents risk?
- Question #110
The Syslog message severity levels are labelled from level 0 to level 7. What does level 0 indicate?
- Question #111
Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?
- Question #112
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?
- Question #114
Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal net...
- Question #115
Which of the following formulas is used to calculate the EPS of the organization?
- Question #116
Juliea, a SOC analyst, while monitoring logs, noticed large TXT and NULL payloads. What does this indicate?
- Question #117
An organization is implementing and deploying a SIEM with the following capabilities. What kind of SIEM deployment architecture is the organization planning to implement?
- Question #118
What is the process of monitoring and capturing all data packets passing through a given network using different tools?
- Question #119
Which of the following is a report writing tool that will help incident handlers generate efficient reports on detected incidents during the incident response process?
- Question #120
Which of the following Windows features is used to enable Security Auditing in Windows?
- Question #121
Which of the following attacks can be eradicated by filtering improper XML syntax?
- Question #122
Which of the following attacks can be eradicated by using a safe API to avoid the use of the interpreter entirely?
- Question #123
Shawn is a security manager working at Lee Inc Solution. His organization wants to develop a threat intelligence strategy plan. As a part of the threat intelligence strategy plan, he sugge...
- Question #124
Which of the following can help you eliminate the burden of investigating false positives?
- Question #125
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
- Question #126
Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.
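As an added example (not part of the exam page or its answer key), the lookup attack Question #126 describes, in Python, together with the caveat a defender wants: the precomputed table reverses any unsalted hash of a dictionary word in one lookup, and a per-user salt forces the attacker to redo the whole dictionary for every salt. The wordlist, the "leaked" digests and the salt are constructed here for illustration; SHA-256 is used only so the block runs anywhere, the attack works identically against MD5 or any other fast unsalted hash.

```python
import hashlib
from typing import Dict, Iterable, Optional

# Constructed wordlist standing in for a real dictionary (rockyou etc.).
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2018!", "admin123"]


def build_lookup_table(words: Iterable[str], algo: str = "sha256") -> Dict[str, str]:
    """Precompute hash -> plaintext once; this is the table the question describes.
    The cost is paid up front, after which every unsalted hash costs one dict lookup."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def crack_unsalted(digest_hex: str, table: Dict[str, str]) -> Optional[str]:
    """O(1) reversal of an unsalted hash, or None if the plaintext is not in the table."""
    return table.get(digest_hex.lower())


def hash_with_salt(password: str, salt: bytes, algo: str = "sha256") -> str:
    """Per-user salt prepended to the password before hashing (toy construction; real
    systems should use bcrypt/scrypt/Argon2, which salt and slow the hash for you)."""
    return hashlib.new(algo, salt + password.encode()).hexdigest()


def crack_salted(digest_hex: str, salt: bytes, words: Iterable[str],
                 algo: str = "sha256") -> Optional[str]:
    """With a salt the precomputed table is useless: the attacker must recompute the whole
    wordlist for *this* salt, one full pass per user instead of one table for everyone."""
    target = digest_hex.lower()
    for w in words:
        if hash_with_salt(w, salt, algo) == target:
            return w
    return None


# Constructed "leaked" credentials for the demo (hypothetical values, not real data).
LEAKED_UNSALTED = hashlib.sha256(b"letmein").hexdigest()
DEMO_SALT = bytes.fromhex("c0ffee0123456789")          # per-user salt, stored beside the hash
LEAKED_SALTED = hash_with_salt("letmein", DEMO_SALT)


def demo() -> dict:
    table = build_lookup_table(WORDLIST)
    return {
        # unsalted hash: one dictionary lookup -> 'letmein'
        "unsalted_cracked": crack_unsalted(LEAKED_UNSALTED, table),
        # salted hash: not in the precomputed table -> None
        "salted_via_table": crack_unsalted(LEAKED_SALTED, table),
        # salted hash: still crackable, but only by re-hashing the wordlist for this salt
        "salted_via_wordlist": crack_salted(LEAKED_SALTED, DEMO_SALT, WORDLIST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point for a SOC analyst reviewing a credential store: the table is built once per hash algorithm and reused against every victim, so unsalted fast hashes fall at dictionary size, while salting (ideally via a memory-hard password hash) removes the "precompute once" advantage entirely.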
- Question #127
Which of the following log storage methods arranges event logs in the form of a circular buffer?
- Question #128
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by...
- Question #129
Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data. He is at which stage of the threat intel...
- Question #130
Which of the following attacks causes sudden changes in file extensions or a rapid increase in file renames?
- Question #131
Which of the following security technologies is used to attract and trap people who attempt unauthorized or illicit use of the host system?
- Question #133
Which of the following factors determine the choice of SIEM architecture?
- Question #134
What does HTTP status code 403 represent?
- Question #135
Which of the following Windows events is logged every time a user tries to access a "Registry" key?
- Question #136
Which of the following are the responsibilities of SIEM Agents? 1. Collecting data received from various devices sending data to SIEM before forwarding it to the central engine. 2....
- Question #137
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix. What d...
- Question #138
Which of the following frameworks describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?
- Question #139
What does Windows event ID 4740 indicate?
- Question #140
Which of the following is a Threat Intelligence Platform?
- Question #141
A type of threat intelligence that finds out information about the attacker by misleading them is known as ________.
- Question #142
Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating the file /var/log/wtmp. What is Chloe looking at?
- Question #143
Which of the following threat intelligence is used by a SIEM for supplying the analysts with context and "situational awareness" by using threat actor TTPs, malware campaigns, tool...
- Question #144
Properly applied cyber threat intelligence helps the SOC team discover TTPs. What do these TTPs refer to?
- Question #145
Which of the following data sources can be used to detect traffic associated with bad-bot User-Agents?
- Question #146
Daniel is a member of an IRT, which was started recently in a company named Mesh Tech. He wanted to find the purpose and scope of the planned incident response capabilities. What i...
- Question #147
John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i. What...
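As an added example (not from the exam page or its answer key), the two signatures quoted in Question #137 (the `'or` SQL-injection pattern against IIS logs) and Question #147 (the `../` path-traversal pattern against Apache logs) run over constructed log lines in Python. The regexes are copied from the questions; the `/ix` and `/i` flags map to `re.I | re.X` and `re.I`. The log lines, IPs and timestamps are made up for the demo. Both patterns accept the percent-encoded forms from Question #108 (`%27`, `%6F`, `%2E`, `%2F`) as well as the literal characters, and the traversal one also accepts double encoding (`%252E`, `%252F`). The third sample shows the real-world gap in the #137 signature: it requires the quote to be immediately followed by `or`, so `' or 1=1` with a space slips past it.

```python
import re
from typing import Dict, List

# Question #137 (IIS): a single quote, literal or %27, immediately followed by "or" in
# any case and any mix of literal / percent-encoded letters.
SQLI_OR_RE = re.compile(r"\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))", re.I | re.X)

# Question #147 (Apache): "../" or "..\" where each dot and the separator may be plain,
# percent-encoded (%2E, %2F, %5C) or double-encoded (%252E, %252F, %255C).
TRAVERSAL_RE = re.compile(r"(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)", re.I)


def classify(log_line: str) -> List[str]:
    """Return the names of every signature that fires on one log line."""
    hits = []
    if SQLI_OR_RE.search(log_line):
        hits.append("sqli-or")
    if TRAVERSAL_RE.search(log_line):
        hits.append("path-traversal")
    return hits


def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map 1-based line number -> signatures, for lines that triggered at least one."""
    return {i: hits for i, line in enumerate(lines, start=1) if (hits := classify(line))}


# Constructed sample log lines (IIS W3C style for the first three, Apache combined
# format for the rest). None of these are real traffic.
SAMPLE_LOGS = [
    # quote immediately followed by "Or", mixed encoding        -> sqli-or
    "2018-05-06 21:27:27 10.0.0.5 GET /login.asp user=admin%27Or%201%3D1-- 80 - 203.0.113.9 Mozilla/5.0 200",
    # fully percent-encoded 'OR (%27 %4f %72)                   -> sqli-or
    "2018-05-06 21:27:30 10.0.0.5 GET /login.asp user=%27%4f%72%201%3d1 80 - 203.0.113.9 curl/7.64 500",
    # space (%20) between the quote and "or": signature misses  -> []
    "2018-05-06 21:27:33 10.0.0.5 GET /login.asp user=admin%27%20or%201%3D1-- 80 - 203.0.113.9 Mozilla/5.0 200",
    # double-encoded ../ (..%252F)                              -> path-traversal
    '203.0.113.9 - - [06/May/2018:21:28:01 +0000] "GET /cgi-bin/..%252F..%252Fetc/passwd HTTP/1.1" 404 209',
    # plain dots with backslash separator (..\..\)              -> path-traversal
    '203.0.113.9 - - [06/May/2018:21:28:05 +0000] "GET /images/..\\..\\boot.ini HTTP/1.1" 404 209',
    # benign request                                            -> []
    '198.51.100.7 - - [06/May/2018:21:28:10 +0000] "GET /index.html HTTP/1.1" 200 5120',
]


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOGS).items():
        print(f"line {lineno}: {', '.join(hits)}")
```

In practice you would normalise the request URI (decode percent-encoding, collapse repeated separators) before matching so that one decoded-form rule covers every encoding variant, rather than enumerating encodings inside the regex as these exam signatures do.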
- Question #148
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major? NOTE: It is mandatory to ans...
- Question #149
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry: May 06 2018 21:27:27 asa 1: %ASA-5-11008: User 'enable...
- Question #150
What is the correct sequence of the SOC workflow?
- Question #151
Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating insecure deserialization attacks. What among the following s...
- Question #152
An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company's URL as follows: error");</script>. Iden...
- Question #153
Which of the following formulas represents the risk levels?
- Question #154
In which of the following incident handling and response stages must the root cause of the incident be found from the forensic results?