
[Oct-2021] Updated EC-COUNCIL CSA 312-39 Exam Questions BUNDLE PACK
NEW QUESTION 16
Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step the IRT will take on the incident escalated by Emmanuel?
- A. Incident Prioritization
- B. Incident Classification
- C. Incident Recording
- D. Incident Analysis and Validation
Answer: B
NEW QUESTION 17
Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying user input in search engines and forums?
- A. Broken Access Control Attacks
- B. Session Management Attacks
- C. Web Services Attacks
- D. XSS Attacks
Answer: D
NEW QUESTION 18
Which of the following is a Threat Intelligence Platform?
- A. TC Complete
- B. Apility.io
- C. SolarWinds MS
- D. Keepnote
Answer: C
NEW QUESTION 19
Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to their true source?
- A. Rate Limiting
- B. Ingress Filtering
- C. Egress Filtering
- D. Throttling
Answer: B
NEW QUESTION 20
In which phase of Lockheed Martin's Cyber Kill Chain methodology does the adversary create a deliverable malicious payload using an exploit and a backdoor?
- A. Weaponization
- B. Exploitation
- C. Reconnaissance
- D. Delivery
Answer: D
NEW QUESTION 21
Which of the following attacks causes sudden changes in file extensions or a rapid increase in file renames?
- A. Ransomware Attack
- B. DoS Attack
- C. File Injection Attack
- D. DHCP starvation Attack
Answer: A
NEW QUESTION 22
Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.
What would be her next action according to the SOC workflow?
- A. She should immediately contact the network administrator to solve the problem
- B. She should communicate this incident to the media immediately
- C. She should formally raise a ticket and forward it to the IRT
- D. She should immediately escalate this issue to the management
Answer: A
NEW QUESTION 23
Jane, a security analyst, while analyzing IDS logs, detected an event matching the following regex:
/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/I
What does this event log indicate?
- A. SQL Injection Attack
- B. XSS Attack
- C. Parameter Tampering Attack
- D. Directory Traversal Attack
Answer: B
NEW QUESTION 24
Mike is an incident handler for PNP Infosystems Inc. One day, a ticket was raised regarding a critical incident and Mike was assigned to handle it. During the incident handling process, at one stage, he performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage he is currently in.
- A. Incident Recording and Assignment
- B. Incident Disclosure
- C. Incident Triage
- D. Post-Incident Activities
Answer: A
NEW QUESTION 25
A type of threat intelligence that finds out information about the attacker by misleading them is known as ______.
- A. Counter Intelligence
- B. Detection Threat Intelligence
- C. Operational Intelligence
- D. Threat trending Intelligence
Answer: C
NEW QUESTION 26
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
- A. Signature-based detection
- B. Anomaly-based detection
- C. Rule-based detection
- D. Heuristic-based detection
Answer: B
NEW QUESTION 27
Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.
- A. Syllable Attack
- B. Dictionary Attack
- C. Rainbow Table Attack
- D. Bruteforce Attack
Answer: B
NEW QUESTION 28
What does [-n] in the following Check Point firewall log syntax represent?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]
- A. Speed up the process by not performing DNS resolution of IP addresses in the log files
- B. Display detailed log chains (all the log segments a log record consists of)
- C. Display both the date and the time for each log record
- D. Display account log records only
Answer: A
NEW QUESTION 29
Which of the following is a default directory in Mac OS X that stores security-related logs?
- A. /var/log/cups/access_log
- B. /Library/Logs/Sync
- C. ~/Library/Logs
- D. /private/var/log
Answer: C
NEW QUESTION 30
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph identifying the locations the Tor traffic is coming from.
Which of the following data sources will he use to prepare the dashboard?
- A. DNS/Web Server logs with IP addresses.
- B. IIS/Web Server logs with IP addresses and user agent IP-to-user-agent resolution.
- C. Apache/Web Server logs with IP addresses and Host Name.
- D. DHCP/Logs capable of maintaining IP addresses or hostnames with IP-to-Name resolution.
Answer: C
NEW QUESTION 31
Which of the following formulas is used to calculate the EPS of the organization?
- A. EPS = number of correlated events / time in seconds
- B. EPS = number of normalized events / time in seconds
- C. EPS = number of security events / time in seconds
- D. EPS = average number of correlated events / time in seconds
Answer: D
NEW QUESTION 32
What does the Security Log Event ID 4624 of Windows 10 indicate?
- A. An account was successfully logged on
- B. New process executed
- C. Service added to the endpoint
- D. A share was accessed
Answer: A
NEW QUESTION 33
Identify the HTTP status codes that represent a server error.
- A. 2XX
- B. 5XX
- C. 4XX
- D. 1XX
Answer: B
NEW QUESTION 34
......
