Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors

312-39 Certified SOC Analyst (CSA) Questions and Answers

Questions 4

Identify the type of attack, an attacker is attempting on www.example.com website.

312-39 Question 4

Options:

A.

Cross-site Scripting Attack

B.

Session Attack

C.

Denial-of-Service Attack

D.

SQL Injection Attack

Buy Now
Questions 5

Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.

Options:

A.

Dictionary Attack

B.

Rainbow Table Attack

C.

Bruteforce Attack

D.

Syllable Attack

Buy Now
Questions 6

Which of the following is a default directory in a Mac OS X that stores security-related logs?

Options:

A.

/private/var/log

B.

/Library/Logs/Sync

C.

/var/log/cups/access_log

D.

~/Library/Logs

Buy Now
Questions 7

Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

Options:

A.

DoS Attack

B.

Man-In-Middle Attack

C.

Ransomware Attack

D.

Reconnaissance Attack

Buy Now
Questions 8

In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?

Options:

A.

Evidence Gathering

B.

Evidence Handling

C.

Eradication

D.

Systems Recovery

Buy Now
Questions 9

Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.

What is Ray and his team doing?

Options:

A.

Blocking the Attacks

B.

Diverting the Traffic

C.

Degrading the services

D.

Absorbing the Attack

Buy Now
Questions 10

Which of the following attack can be eradicated by filtering improper XML syntax?

Options:

A.

CAPTCHA Attacks

B.

SQL Injection Attacks

C.

Insufficient Logging and Monitoring Attacks

D.

Web Services Attacks

Buy Now
Questions 11

Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.

What is the first step that the IRT will do to the incident escalated by Emmanuel?

Options:

A.

Incident Analysis and Validation

B.

Incident Recording

C.

Incident Classification

D.

Incident Prioritization

Buy Now
Questions 12

Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP).

What kind of SIEM is Robin planning to implement?

Options:

A.

Self-hosted, Self-Managed

B.

Self-hosted, MSSP Managed

C.

Hybrid Model, Jointly Managed

D.

Cloud, Self-Managed

Buy Now
Questions 13

Which of the following formula is used to calculate the EPS of the organization?

Options:

A.

EPS = average number of correlated events / time in seconds

B.

EPS = number of normalized events / time in seconds

C.

EPS = number of security events / time in seconds

D.

EPS = number of correlated events / time in seconds

Buy Now
Questions 14

Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\’))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.

What does this event log indicate?

Options:

A.

SQL Injection Attack

B.

Parameter Tampering Attack

C.

XSS Attack

D.

Directory Traversal Attack

Buy Now
Questions 15

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.

Original URL: https://www.buyonline.com/product.aspx?profile=12 &debit=100 Modified URL: https://www.buyonline.com/product.aspx?profile=12 &debit=10

Identify the attack depicted in the above scenario.

Options:

A.

Denial-of-Service Attack

B.

SQL Injection Attack

C.

Parameter Tampering Attack

D.

Session Fixation Attack

Buy Now
Questions 16

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\%3C)|<)((\%69)|i|(\% 49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.

What does this event log indicate?

Options:

A.

Directory Traversal Attack

B.

Parameter Tampering Attack

C.

XSS Attack

D.

SQL Injection Attack

Buy Now
Questions 17

Which of the following Windows Event Id will help you monitors file sharing across the network?

Options:

A.

7045

B.

4625

C.

5140

D.

4624

Buy Now
Questions 18

An organization is implementing and deploying the SIEM with following capabilities.

312-39 Question 18

What kind of SIEM deployment architecture the organization is planning to implement?

Options:

A.

Cloud, MSSP Managed

B.

Self-hosted, Jointly Managed

C.

Self-hosted, Self-Managed

D.

Self-hosted, MSSP Managed

Buy Now
Questions 19

Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.

Identify the stage in which he is currently in.

Options:

A.

Post-Incident Activities

B.

Incident Recording and Assignment

C.

Incident Triage

D.

Incident Disclosure

Buy Now
Questions 20

What does HTTPS Status code 403 represents?

Options:

A.

Unauthorized Error

B.

Not Found Error

C.

Internal Server Error

D.

Forbidden Error

Buy Now
Questions 21

Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?

Options:

A.

FISMA

B.

HIPAA

C.

PCI-DSS

D.

DARPA

Buy Now
Questions 22

Which of the following technique protects from flooding attacks originated from the valid prefixes (IP addresses) so that they can be traced to its true source?

Options:

A.

Rate Limiting

B.

Egress Filtering

C.

Ingress Filtering

D.

Throttling

Buy Now
Questions 23

Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

Options:

A.

Hybrid Attack

B.

Bruteforce Attack

C.

Rainbow Table Attack

D.

Birthday Attack

Buy Now
Questions 24

Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

Options:

A.

threat_note

B.

MagicTree

C.

IntelMQ

D.

Malstrom

Buy Now
Questions 25

Which of the following are the responsibilities of SIEM Agents?

1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.

2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.

3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.

4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

Options:

A.

1 and 2

B.

2 and 3

C.

1 and 4

D.

3 and 1

Buy Now
Questions 26

What does Windows event ID 4740 indicate?

Options:

A.

A user account was locked out.

B.

A user account was disabled.

C.

A user account was enabled.

D.

A user account was created.

Buy Now
Questions 27

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.

Which of following Splunk query will help him to fetch related logs associated with process creation?

Options:

A.

index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..

B.

index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..

C.

index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..

D.

index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Buy Now
Questions 28

John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat room, and so on, and created a report that contains malicious activity.

Which of the following types of threat intelligence did he use?

Options:

A.

Strategic Threat Intelligence

B.

Technical Threat Intelligence

C.

Tactical Threat Intelligence

D.

Operational Threat Intelligence

Buy Now
Questions 29

The Syslog message severity levels are labelled from level 0 to level 7.

What does level 0 indicate?

Options:

A.

Alert

B.

Notification

C.

Emergency

D.

Debugging

Buy Now
Questions 30

Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads.

What does this indicate?

Options:

A.

Concurrent VPN Connections Attempt

B.

DNS Exfiltration Attempt

C.

Covering Tracks Attempt

D.

DHCP Starvation Attempt

Buy Now
Exam Code: 312-39
Exam Name: Certified SOC Analyst (CSA)
Last Update: Nov 19, 2024
Questions: 100

PDF + Testing Engine

$56  $159.99

Testing Engine

$42  $119.99
buy now 312-39 testing engine

PDF (Q&A)

$35  $99.99
buy now 312-39 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 21 Nov 2024