312-39 Practice Questions
Certified SOC Analyst (CSA v2)
Last Update 1 day ago
Total Questions : 200
Dive into our fully updated and stable 312-39 practice test platform, featuring all the latest CSA exam questions added this week. Our preparation tool is more than just a ECCouncil study aid; it's a strategic advantage.
Our free CSA practice questions crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about 312-39. Use this test to pinpoint which areas you need to focus your study on.
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12 &debit=100 Modified URL: http://www.buyonline.com/product.aspx?profile=12 &debit=10
Identify the attack depicted in the above scenario.
Jennifer, a SOC analyst, initiates an investigation after receiving an alert about potential unauthorized activity on Marcus's workstation. She starts by retrieving EDR logs from the endpoint, analyzing network traffic patterns in the Security Information and Event Management (SIEM) system, and inspecting email gateway logs for signs of malicious attachments. Her objective is to determine whether this alert represents a legitimate security incident. In which phase of the Incident Response process is Jennifer currently operating?
Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.
As a Threat Hunter at a cybersecurity company, you notice several endpoints experiencing unusual outbound traffic to an unfamiliar IP address. The traffic is encrypted and occurs in small bursts at irregular intervals. There are no known IoCs associated with the destination, and traditional security tools have not flagged it as malicious. You decide to launch a threat-hunting initiative to determine whether this is an advanced persistent threat (APT) using sophisticated techniques to evade detection. The goal is to identify potential Indicators of Attack (IoAs) and map them against known adversary behaviors. What type of threat hunting approach is best suited for this situation?
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
A SOC analyst detects multiple instances of powershell.exe being launched with the -ExecutionPolicy Bypass and -NoProfile arguments on a domain controller. The parent process is winrm.exe, and the activity occurs during non-business hours. What should be the analyst’s primary focus?
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?
Which of the following steps of incident handling and response process focus on limiting the scope and extent of an incident?
John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare adashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.
Which of the following data source will he use to prepare the dashboard?
