Certified SOC Analyst (CSA)
Last Update 1 day ago
Total Questions : 100
312-39 is stable now with all latest exam questions are added 1 day ago. Just download our Full package and start your journey with ECCouncil Certified SOC Analyst (CSA) certification. All these ECCouncil 312-39 practice exam questions are real and verified by our Experts in the related industry fields.
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12 &debit=100 Modified URL: http://www.buyonline.com/product.aspx?profile=12 &debit=10
Identify the attack depicted in the above scenario.
The Syslog message severity levels are labelled from level 0 to level 7.
What does level 0 indicate?
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
Identify the event severity level in Windows logs for the events that are not necessarily significant, but may indicate a possible future problem.
Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?
InfoSystem LLC, a US-based company, is establishing an in-house SO
C.
John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.
Which of the following are the responsibilities of SIEM Agents?
1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.
4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.
Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below.
What does this event log indicate?
In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?
Which of the following attacks causes sudden changes in file extensions or increase in file renames at rapid speed?
What type of event is recorded when an application driver loads successfully in Windows?
Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?
An organization is implementing and deploying the SIEM with following capabilities.
What kind of SIEM deployment architecture the organization is planning to implement?
David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events.
This type of incident is categorized into?
In which phase of Lockheed Martin's – Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?
Which of the following is a default directory in a Mac OS X that stores security-related logs?
Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/ wtmp.
What Chloe is looking at?
Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?
Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?
Which of the following contains the performance measures, and proper project and time management details?
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
Which of the following security technology is used to attract and trap people who attempt unauthorized or illicit utilization of the host system?
Sam, a security analyst with INFOSOL IN
C.
, while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\’))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.What does this event log indicate?
Which of the following process refers to the discarding of the packets at the routing level without informing the source that the data did not reach its intended recipient?
John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat room, and so on, and created a report that contains malicious activity.
Which of the following types of threat intelligence did he use?
John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.
Which of the following data source will he use to prepare the dashboard?
TESTED 25 Apr 2024
Hi this is Romona Kearns from Holland and I would like to tell you that I passed my exam with the use of exams4sure dumps. I got same questions in my exam that I prepared from your test engine software. I will recommend your site to all my friends for sure.
Our all material is important and it will be handy for you. If you have short time for exam so, we are sure with the use of it you will pass it easily with good marks. If you will not pass so, you could feel free to claim your refund. We will give 100% money back guarantee if our customers will not satisfy with our products.
