EC-COUNCIL 312-39 Daily Practice Exam New 2023 Updated 102 Questions
Use Valid 312-39 Exam - Actual Exam Question & Answer
The EC-Council 312-39 exam is designed to evaluate and validate candidates' extensive knowledge and skills in the job tasks associated with the SOC Analyst role. This test is the first step towards becoming an active player in the security operations center. Candidates for the exam demonstrate in-demand, trending technical skills in carrying out entry-level and mid-level operations. They are measured on their expertise in log correlation and management, advanced incident detection, SIEM deployment, incident response, and management of different SOC processes.
NEW QUESTION # 53
Which of the following data sources will a SOC analyst use to monitor connections to insecure ports?
- A. Netstat Data
- B. DNS Data
- C. IIS Data
- D. DHCP Data
Answer: A
NEW QUESTION # 54
The Syslog message severity levels are labelled from level 0 to level 7.
What does level 0 indicate?
- A. Debugging
- B. Alert
- C. Emergency
- D. Notification
Answer: D
NEW QUESTION # 55
Which of the following frameworks describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?
- A. ITIL
- B. COBIT
- C. SSE-CMM
- D. SOC-CMM
Answer: C
NEW QUESTION # 56
Which of the following are the responsibilities of SIEM Agents?
1. Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2. Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3. Correlating data received from various devices sending data to SIEM before forwarding it to the central engine.
4. Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.
- A. 2 and 3
- B. 3 and 1
- C. 1 and 4
- D. 1 and 2
Answer: C
NEW QUESTION # 57
Which of the following formulas represents the risk levels?
- A. Level of risk = Consequence * Likelihood
- B. Level of risk = Consequence * Severity
- C. Level of risk = Consequence * Asset Value
- D. Level of risk = Consequence * Impact
Answer: A
NEW QUESTION # 58
Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step that the IRT will take for the incident escalated by Emmanuel?
- A. Incident Classification
- B. Incident Analysis and Validation
- C. Incident Recording
- D. Incident Prioritization
Answer: A
NEW QUESTION # 59
Which of the following Windows features is used to enable Security Auditing in Windows?
- A. Local Group Policy Editor
- B. Bitlocker
- C. Windows Firewall
- D. Windows Defender
Answer: A
NEW QUESTION # 60
Which of the following steps of the incident handling and response process focuses on limiting the scope and extent of an incident?
- A. Data Collection
- B. Identification
- C. Containment
- D. Eradication
Answer: C
NEW QUESTION # 61
Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?
- A. Hybrid Attack
- B. Bruteforce Attack
- C. Birthday Attack
- D. Rainbow Table Attack
Answer: A
NEW QUESTION # 62
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the company's router logs and wants to check the logs generated by the access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
- A. show logging | forward 210
- B. show logging | include 210
- C. show logging | route 210
- D. show logging | access 210
Answer: B
NEW QUESTION # 63
An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company's URL as follows:
http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.
- A. Session Attack
- B. SQL Injection Attack
- C. Denial-of-Service Attack
- D. Cross-site Scripting Attack
Answer: D
NEW QUESTION # 64
Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating files at /var/log/wtmp.
What is Chloe looking at?
- A. Error log
- B. System boot log
- C. Login records
- D. General message and system-related stuff
Answer: C
NEW QUESTION # 65
Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to their true source?
- A. Egress Filtering
- B. Rate Limiting
- C. Throttling
- D. Ingress Filtering
Answer: D
NEW QUESTION # 66
Which of the following fields in Windows logs defines the type of event that occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?
- A. Level
- B. Keywords
- C. Task Category
- D. Source
Answer: B
NEW QUESTION # 67
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
- A. SQL Injection Attack
- B. Denial-of-Service Attack
- C. Parameter Tampering Attack
- D. Session Fixation Attack
Answer: C