312-39 Exam Questions
194 real 312-39 exam questions with expert-verified answers and explanations. Page 4 of 4.
- Question #155
Jane, a security analyst, while analyzing IDS logs, detected an event matching the regex /((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/I. What does th...
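The signature quoted in the question is the classic IDS pattern for an IMG-tag cross-site scripting attempt: each character of `<img` is accepted either literally or as its URL-encoded hex form (`%3C`, `%69`/`%49`, `%6D`/`%4D`, `%67`/`%47`), followed by anything up to a literal or encoded `>`. The following is an added example, not code from the original page, that runs the same regex over a few constructed web-server log lines so the behaviour can be checked offline:

```python
import re

# Snort-style IMG-tag XSS signature from the question. Each group accepts the
# plain character or its URL-encoded form; IGNORECASE covers <IMG ...> as well.
IMG_TAG_XSS = re.compile(
    r"((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)",
    re.IGNORECASE,
)

# Constructed sample log lines (assumed format, not taken from the original page).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200',
    '10.0.0.7 - - "GET /post?body=<IMG SRC=x onerror=alert(document.cookie)> HTTP/1.1" 200',
    '10.0.0.9 - - "GET /images/logo.png HTTP/1.1" 200',
    '10.0.0.9 - - "GET /search?q=imgur+gallery HTTP/1.1" 200',
]


def find_img_tag_xss(lines):
    """Return (line, matched_fragment) for every log line the signature fires on."""
    hits = []
    for line in lines:
        m = IMG_TAG_XSS.search(line)
        if m:
            hits.append((line, m.group(0)))
    return hits


if __name__ == "__main__":
    for line, fragment in find_img_tag_xss(SAMPLE_LOG):
        print(f"IMG-tag XSS signature hit: {fragment!r}\n  in: {line}")
```

The encoded request on the first line and the plain `<IMG ...>` on the second both fire; the request for `logo.png` and the harmless query containing `imgur` do not, because neither contains a `<` or `%3C` in front of the letters. Note that the signature is deliberately loose (`[^\n]+` accepts anything up to the closing bracket), so any input beginning with `<img` followed later by a `>` will match; treat a hit as a trigger for investigation rather than proof of a successful attack.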
- Question #156
Which of the following Windows Event IDs will help you monitor file sharing across the network?
- Question #157
Threat intelligence that helps you understand adversary intent and make informed decisions to ensure appropriate security in alignment with risk. What kind of threat inte...
- Question #159
Which of the following fields in Windows logs defines the type of event that occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?
- Question #160
Which of the following tools is used to recover from a web application incident?
- Question #161
Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only Correlation, Analytics, Reporting...
- Question #162
What type of event is recorded when an application driver loads successfully in Windows?
- Question #163
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the cli...
- Question #164
John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources,...
- Question #165
Which of the following is a default directory in Mac OS X that stores security-related logs?
- Question #166
John, a SOC analyst, wants to monitor process creation attempts from any of their Windows endpoints. Which of the following Splunk queries will help him fetch the related lo...
- Question #167
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website. Where will Harley find the web serve...
- Question #168
What does the Security Log Event ID 4624 of Windows 10 indicate?
- Question #169
Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protec...
- Question #170
What do the HTTP status codes 1XX represent?
- Question #171
In which phase of Lockheed Martin's Cyber Kill Chain methodology does the adversary create a deliverable malicious payload using an exploit and a backdoor?
- Question #172
Identify the attack in which an attacker tries to discover all possible information about a target network before launching a further attack.
- Question #173
What does [-n] in the following Check Point firewall log syntax represent? fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime]...
- Question #174
Which of the following attacks inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?
- Question #175
Mike is an incident handler for PNP Infosystems Inc. One day, a ticket was raised regarding an incident; at one stage of handling it, he performed incident analysis and validation to che...
- Question #176
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?
- Question #178
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wants to check the logs that are generated by the access control list numbered...
- Question #179
Identify the attack in which the attacker exploits a target system through publicly known but still unpatched vulnerabilities.
- Question #180
In which log collection mechanism does the system or application send log records either to the local disk or over the network?
- Question #181
Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file?
- Question #182
Which of the following stages is executed after identifying the required event sources?
- Question #183
Which of the following steps of the incident handling and response process focuses on limiting the scope and extent of an incident?
- Question #184
Which of the following data sources will a SOC analyst use to monitor connections to insecure ports?
- Question #185
Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to their true source?
- Question #186
Which of the following contains the performance measures and proper project and time management details?
- Question #187
John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from wher...
- Question #188
Which of the following processes refers to the discarding of packets at the routing level without informing the source that the data did not reach its intended recipient?
- Question #189
Which of the following tools can be used to filter web requests associated with an SQL injection attack?
- Question #190
Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigati...
- Question #191
Which of the following types of threat intelligence helps cyber security professionals such as security operations managers, network operations center staff and incident responders to understand...
- Question #192
If the SIEM generates the following four alerts at the same time: I. Firewall blocking traffic from getting into the network alerts II. SQL injection attempt alerts III. Data de...
- Question #193
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC. Identify the...
- Question #194
Which of the following service provides phishing protection and content filtering to manage the Internet experience on and off your network with the acceptable use or compliance po...
- Question #195
David is a SOC analyst in Karen Tech. One day, an attack was initiated by intruders, but David was not able to find any suspicious events. This type of incident is categorized into...
- Question #196
Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of...
- Question #197
Identify the HTTP status codes that represent a server error.
- Question #198
Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below. What does this event log indicate?
- Question #199
Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?
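The attack described in this question is usually called a hybrid attack: every dictionary word is tried as-is and then again with numbers and symbols appended or prepended, which is what tools such as hashcat and John the Ripper do with their rule engines. The block below is an added example, not code from the original page, that builds such candidates from a small constructed wordlist and checks them against an unsalted SHA-256 hash; the wordlist, prefix and suffix rules, and the target password are all assumptions chosen for illustration:

```python
import hashlib
import itertools

# Constructed wordlist and mutation rules (assumptions for the example).
WORDLIST = ["letmein", "password", "welcome", "summer"]
PREFIXES = ["", "!"]
SUFFIXES = ["", "1", "123", "!", "2024", "2024!"]


def hybrid_candidates(words, prefixes=PREFIXES, suffixes=SUFFIXES):
    """Yield each dictionary word in three case forms, wrapped in every prefix/suffix pair.

    This is the hybrid attack: the dictionary supplies the base words, the rules
    supply the numbers and symbols that users typically bolt on.
    """
    for word in words:
        for base in (word, word.capitalize(), word.upper()):
            for pre, suf in itertools.product(prefixes, suffixes):
                yield f"{pre}{base}{suf}"


def crack_sha256(target_hex, words):
    """Return the first candidate whose SHA-256 matches target_hex, or None."""
    for candidate in hybrid_candidates(words):
        if hashlib.sha256(candidate.encode()).hexdigest() == target_hex:
            return candidate
    return None


# Constructed target: the hash an attacker would have pulled from a breached store.
TARGET = hashlib.sha256(b"Summer2024!").hexdigest()

if __name__ == "__main__":
    total = sum(1 for _ in hybrid_candidates(WORDLIST))
    print(f"{total} candidates from {len(WORDLIST)} words")
    print("recovered:", crack_sha256(TARGET, WORDLIST))
```

Four base words become 144 candidates with these rules alone, which is why a plain dictionary attack that only tries `summer` misses `Summer2024!` while the hybrid attack recovers it. The defence implied by the question is on the verifier's side: a slow, salted password hash (bcrypt, scrypt or Argon2) and rate limiting make each candidate expensive, so the multiplier from the mutation rules works against the attacker rather than the defender.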
- Question #200
Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and foru...
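The mitigation named in this question is output encoding: every character in reflected user input that is not a letter or digit is replaced with an HTML character entity before it is written into the page, so the browser renders it as text instead of parsing it as markup. The following is an added example, not code from the original page, that implements exactly that rule and contrasts a toy search-results page with and without it; the page template and the payload are constructed for the example:

```python
import html


def encode_non_alnum(text):
    """Replace every character that is not ASCII A-Z, a-z or 0-9 with a numeric HTML entity.

    Stricter than html.escape(), which only rewrites & < > " ' ; encoding every
    non-alphanumeric character leaves nothing for the HTML parser to act on.
    """
    return "".join(
        ch if (ch.isascii() and ch.isalnum()) else f"&#{ord(ch)};"
        for ch in text
    )


def render_search_page(query, encode=True):
    """Toy search-results page that reflects the user's query into the HTML body."""
    shown = encode_non_alnum(query) if encode else query
    return f"<h1>Results for: {shown}</h1>"


def contains_active_markup(page):
    """Crude detector: did a tag or event handler from user input survive into the page?"""
    lowered = page.lower()
    return "<script" in lowered or "onerror=" in lowered


# Constructed reflected-XSS payload for the demonstration.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'

if __name__ == "__main__":
    print("vulnerable:", render_search_page(PAYLOAD, encode=False))
    print("encoded:   ", render_search_page(PAYLOAD))
    # The browser decodes the entities back to the original text when displaying it.
    print("displayed: ", html.unescape(encode_non_alnum(PAYLOAD)))
```

The unencoded page carries the `onerror=` handler straight into the DOM; the encoded page shows the visitor the literal string `<img src=x onerror="alert(document.cookie)">` as text, because `&#60;` and `&#34;` are data, not markup. The same input still needs a different encoder if it is placed inside a JavaScript string, a URL, or an attribute value, so choose the encoding for the context the data lands in rather than relying on one routine everywhere.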