[Dec 29, 2021] 312-39 certification guide Q&A from Training Expert ExamPrepAway [Q20-Q40]

NEW QUESTION 20
Mike is an incident handler for PNP Infosystems Inc. One day a ticket was raised for a critical incident and Mike was assigned to handle it. At one stage of the incident handling process he performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage he is currently in.

  • A. Incident Disclosure
  • B. Post-Incident Activities
  • C. Incident Triage
  • D. Incident Recording and Assignment

Answer: C

 

NEW QUESTION 21
Jane, a security analyst, while analyzing IDS logs, detected an event matching the regex
/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/I
What does this event log indicate?

  • A. XSS Attack
  • B. Parameter Tampering Attack
  • C. SQL Injection Attack
  • D. Directory Traversal Attack

Answer: A

 

NEW QUESTION 22
Which of the following commands is used to enable logging in iptables?

  • A. $ iptables -A OUTPUT -j LOG
  • B. $ iptables -A INPUT -j LOG
  • C. $ iptables -B OUTPUT -j LOG
  • D. $ iptables -B INPUT -j LOG

Answer: A

 

NEW QUESTION 23
Identify the attack in which the attacker exploits a target system through publicly known but still unpatched vulnerabilities.

  • A. Slow DoS Attack
  • B. DNS Poisoning Attack
  • C. Zero-Day Attack
  • D. DHCP Starvation

Answer: C

 

NEW QUESTION 24
Which of the following services provides phishing protection and content filtering to manage the Internet experience on and off your network according to acceptable use or compliance policies?

  • A. Malstrom
  • B. I-Blocklist
  • C. Apility.io
  • D. OpenDNS

Answer: D

 

NEW QUESTION 25
Which of the following processes refers to discarding packets at the routing level without informing the source that the data did not reach its intended recipient?

  • A. Load Balancing
  • B. Rate Limiting
  • C. Black Hole Filtering
  • D. Drop Requests

Answer: C

 

NEW QUESTION 26
Juliea, a SOC analyst, while monitoring DNS logs, noticed unusually large TXT and NULL record payloads.
What does this indicate?

  • A. Covering Tracks Attempt
  • B. Concurrent VPN Connections Attempt
  • C. DNS Exfiltration Attempt
  • D. DHCP Starvation Attempt

Answer: C
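Large TXT and NULL answers are the classic footprint of DNS tunnelling, because those record types carry arbitrary payload and the attacker also packs data into long, random-looking query labels. The Python below is an added example written for this guide, not part of the exam material or any vendor product: the resolver log lines are constructed, the log format (timestamp, client, name, type, response bytes) is a simplified one chosen for the illustration, and the thresholds are assumptions to be tuned against a real baseline.

```python
import math
from collections import defaultdict

# Constructed resolver log for the demonstration (not from a real server).
# Fields: timestamp, client IP, queried name, record type, response size in bytes.
SAMPLE_DNS_LOG = """\
2021-12-29T10:00:01 10.0.0.5 www.example.com A 60
2021-12-29T10:00:02 10.0.0.5 mail.example.com MX 92
2021-12-29T10:00:03 10.0.0.9 _dmarc.example.com TXT 180
2021-12-29T10:00:04 10.0.0.23 a8f3c2e9b1d4f6a7c0e2b5d8f1a3c6e9.data.evil-tunnel.test TXT 1450
2021-12-29T10:00:05 10.0.0.23 3b9e1f7a2c4d6e8f0a1b3c5d7e9f2a4b.data.evil-tunnel.test NULL 1380
2021-12-29T10:00:06 10.0.0.23 c7d2e4f6a8b0c1d3e5f7a9b2c4d6e8f0.data.evil-tunnel.test TXT 1420
2021-12-29T10:00:07 10.0.0.5 api.example.com AAAA 72
"""

# Thresholds are assumptions for the example; tune them to a baseline of your
# own resolver. Legitimate TXT answers (SPF, DMARC, DKIM) are usually a few
# hundred bytes at most, and hostnames are rarely long random strings.
LARGE_PAYLOAD_BYTES = 512
MIN_LABEL_LEN = 24
HIGH_ENTROPY_BITS = 3.5
PAYLOAD_RECORD_TYPES = {"TXT", "NULL"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random hex/base32 labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str) -> dict:
    ts, client, qname, qtype, size = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower(),
            "qtype": qtype.upper(), "size": int(size)}


def exfil_indicators(rec: dict) -> list:
    """Reasons this record looks like DNS tunnelling/exfiltration, if any."""
    reasons = []
    if rec["qtype"] in PAYLOAD_RECORD_TYPES and rec["size"] >= LARGE_PAYLOAD_BYTES:
        reasons.append(f"large {rec['qtype']} payload ({rec['size']} bytes)")
    label = rec["qname"].split(".")[0]
    if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= HIGH_ENTROPY_BITS:
        reasons.append("long high-entropy leftmost label")
    return reasons


def detect_exfiltration(log_text: str) -> list:
    """Return the suspicious records, each with its list of reasons."""
    flagged = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        reasons = exfil_indicators(rec)
        if reasons:
            rec["reasons"] = reasons
            flagged.append(rec)
    return flagged


def payload_bytes_per_client(log_text: str) -> dict:
    """Aggregate TXT/NULL response bytes per client; a chatty single host stands out."""
    totals = defaultdict(int)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec["qtype"] in PAYLOAD_RECORD_TYPES:
            totals[rec["client"]] += rec["size"]
    return dict(totals)


if __name__ == "__main__":
    for rec in detect_exfiltration(SAMPLE_DNS_LOG):
        print(rec["ts"], rec["client"], rec["qname"], rec["qtype"], "; ".join(rec["reasons"]))
    print(payload_bytes_per_client(SAMPLE_DNS_LOG))
```

The per-client aggregate matters as much as the per-record check: a tunnel that keeps each answer under the size threshold still shows up as one host moving far more TXT/NULL bytes than anyone else, so both views belong in the detection.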

 

NEW QUESTION 27
Which of the following formulas represents the level of risk?

  • A. Level of risk = Consequence * Asset Value
  • B. Level of risk = Consequence * Severity
  • C. Level of risk = Consequence * Likelihood
  • D. Level of risk = Consequence * Impact

Answer: C

 

NEW QUESTION 28
Identify the type of attack an attacker is attempting on the www.example.com website.

  • A. Cross-site Scripting Attack
  • B. SQL Injection Attack
  • C. Session Attack
  • D. Denial-of-Service Attack

Answer: A

 

NEW QUESTION 29
What is the correct sequence of SOC Workflow?

  • A. Collect, Ingest, Validate, Report, Respond, Document
  • B. Collect, Ingest, Validate, Document, Report, Respond
  • C. Collect, Ingest, Document, Validate, Report, Respond
  • D. Collect, Respond, Validate, Ingest, Report, Document

Answer: B

 

NEW QUESTION 30
Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying user input in search engines and forums?

  • A. Web Services Attacks
  • B. Broken Access Control Attacks
  • C. Session Management Attacks
  • D. XSS Attacks

Answer: D
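Questions 21 and 30 are the two halves of one problem: the IDS signature that spots an injected <img> tag, and the output encoding that keeps such input inert. The Python below is an added example for this guide, not part of the exam material or of the signature's original source; the request lines are constructed, and the two `render_search_result*` functions are hypothetical page code written for the illustration (a vulnerable version beside the hardened one).

```python
import re
import urllib.parse

# The signature quoted in Question 21: an <img ...> tag whose angle brackets
# and letters may each appear literally or URL-encoded (%3C, %69, %6D, ...).
# The trailing /I in the original denotes case-insensitive matching.
XSS_IMG_RE = re.compile(
    r"((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)",
    re.IGNORECASE,
)

# Constructed request lines for the demonstration (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /search?q=running+shoes HTTP/1.1",
    "GET /search?q=<img src=x onerror=alert(1)> HTTP/1.1",
    "GET /search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1",
    "GET /profile?name=O%27Brien HTTP/1.1",
]


def matches_xss_signature(text: str) -> bool:
    """True when the Question 21 regex fires on the given request or page text."""
    return XSS_IMG_RE.search(text) is not None


def flag_requests(requests):
    """Return the request lines an IDS using this signature would alert on."""
    return [r for r in requests if matches_xss_signature(r)]


def encode_for_html(user_input: str) -> str:
    """Question 30's mitigation: every non-alphanumeric character becomes a
    numeric character reference (e.g. '<' -> '&#x3c;'), so the browser shows it
    as text instead of parsing it as markup."""
    return "".join(
        c if (c.isascii() and c.isalnum()) else f"&#x{ord(c):x};" for c in user_input
    )


def render_search_result_unsafe(raw_query: str) -> str:
    """Hypothetical vulnerable page: echoes the decoded query into HTML as-is."""
    return f"<p>Results for: {urllib.parse.unquote(raw_query)}</p>"


def render_search_result(raw_query: str) -> str:
    """Hypothetical hardened page: same output path, but the query is encoded first."""
    return f"<p>Results for: {encode_for_html(urllib.parse.unquote(raw_query))}</p>"


if __name__ == "__main__":
    for line in flag_requests(SAMPLE_REQUESTS):
        print("ALERT:", line)
    payload = "%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
    print("unsafe page matches signature:",
          matches_xss_signature(render_search_result_unsafe(payload)))
    print("hardened page matches signature:",
          matches_xss_signature(render_search_result(payload)))
```

Running the signature over the rendered HTML of both pages shows the point of Question 30: the unsafe page reproduces the `<img ...>` tag and trips the same regex the IDS uses, while the encoded output contains no `<` or `%3C` at all, so neither the browser nor the signature sees a tag.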

 

NEW QUESTION 31
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

  • A. Incident Triage -> Eradication -> Containment -> Incident Recording -> Preparation -> Recovery -> Post-Incident Activities
  • B. Incident Recording -> Preparation -> Containment -> Incident Triage -> Recovery -> Eradication -> Post-Incident Activities
  • C. Preparation -> Incident Recording -> Incident Triage -> Containment -> Eradication -> Recovery -> Post-Incident Activities
  • D. Containment -> Incident Recording -> Incident Triage -> Preparation -> Recovery -> Eradication -> Post-Incident Activities

Answer: C

 

NEW QUESTION 32
Which of the following data sources can be used to detect traffic associated with bad bot User-Agents?

  • A. Switch Logs
  • B. Web Server Logs
  • C. Router Logs
  • D. Windows Event Log

Answer: B
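The User-Agent header only reaches the web server's access log, which is why that log is the data source for bot hunting. The Python below is an added example for this guide, not exam material: it parses constructed lines in the Apache/Nginx "combined" format and classifies the User-Agent against a small illustrative marker list (the list and the IP addresses are assumptions chosen for the demonstration, not a vetted feed).

```python
import re
from collections import Counter

# Apache/Nginx "combined" log format: client, identity, user, time, request,
# status, bytes, referer, user agent.
COMBINED_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed access log lines (not real traffic).
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [29/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0 Safari/537.36"
198.51.100.7 - - [29/Dec/2021:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 0 "-" "sqlmap/1.5.12#stable (http://sqlmap.org)"
198.51.100.8 - - [29/Dec/2021:10:00:03 +0000] "GET /.env HTTP/1.1" 404 0 "-" "Mozilla/5.0 zgrab/0.x"
192.0.2.44 - - [29/Dec/2021:10:00:04 +0000] "GET /products HTTP/1.1" 200 8841 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [29/Dec/2021:10:00:05 +0000] "GET /admin HTTP/1.1" 403 0 "-" "python-requests/2.26.0"
198.51.100.9 - - [29/Dec/2021:10:00:06 +0000] "GET /login HTTP/1.1" 200 1200 "-" "-"
"""

# Lower-cased substrings of tools commonly seen scanning or scraping.
# An illustrative list for the example, not exhaustive; real deployments
# maintain a curated feed.
BAD_BOT_MARKERS = ("sqlmap", "nikto", "zgrab", "masscan", "nmap", "dirbuster",
                   "gobuster", "python-requests", "curl/", "wget/", "go-http-client")
KNOWN_CRAWLER_MARKERS = ("googlebot", "bingbot", "duckduckbot")


def parse_access_line(line: str):
    m = COMBINED_LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_user_agent(ua: str) -> str:
    """bad_bot | empty | crawler | other. A UA string is attacker-controlled, so
    'crawler' only means the client claims to be one; confirming Googlebot etc.
    needs a reverse-DNS or published-IP-range check the log alone cannot give."""
    ua_l = ua.lower()
    if ua in ("", "-"):
        return "empty"
    if any(marker in ua_l for marker in BAD_BOT_MARKERS):
        return "bad_bot"
    if any(marker in ua_l for marker in KNOWN_CRAWLER_MARKERS):
        return "crawler"
    return "other"


def find_bad_bots(log_text: str) -> list:
    """Return (ip, path, status, ua, verdict) for lines flagged as bad or UA-less."""
    hits = []
    for line in log_text.strip().splitlines():
        rec = parse_access_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the pipeline
        verdict = classify_user_agent(rec["ua"])
        if verdict in ("bad_bot", "empty"):
            hits.append((rec["ip"], rec["path"], rec["status"], rec["ua"], verdict))
    return hits


def offending_ips(log_text: str) -> Counter:
    """Hit count per source IP, the usual input to a block or rate-limit decision."""
    return Counter(ip for ip, *_ in find_bad_bots(log_text))


if __name__ == "__main__":
    for hit in find_bad_bots(SAMPLE_ACCESS_LOG):
        print(*hit)
    print(offending_ips(SAMPLE_ACCESS_LOG).most_common())
```

A missing or "-" User-Agent is treated as its own verdict rather than ignored, since scripted clients often send none; and a self-declared search-engine crawler is deliberately not lumped in with bad bots, because the header is trivially spoofed in both directions and needs corroboration from the source address.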

 

NEW QUESTION 33
Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data.
He is at which stage of the threat intelligence life cycle?

  • A. Processing and Exploitation
  • B. Collection
  • C. Dissemination and Integration
  • D. Analysis and Production

Answer: A

 

NEW QUESTION 34
What does [-n] in the following Check Point firewall log syntax represent?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

  • A. Speed up the process by not performing IP addresses DNS resolution in the Log files
  • B. Display account log records only
  • C. Display both the date and the time for each log record
  • D. Display detailed log chains (all the log segments a log record consists of)

Answer: A

 

NEW QUESTION 35
Which of the following factors determines the choice of SIEM architecture?

  • A. SMTP Configuration
  • B. DNS Configuration
  • C. DHCP Configuration
  • D. Network Topology

Answer: D

 

NEW QUESTION 36
Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step the IRT will take on the incident escalated by Emmanuel?

  • A. Incident Classification
  • B. Incident Analysis and Validation
  • C. Incident Recording
  • D. Incident Prioritization

Answer: A

 

NEW QUESTION 37
Which of the following Windows features is used to enable Security Auditing in Windows?

  • A. Local Group Policy Editor
  • B. Windows Defender
  • C. Bitlocker
  • D. Windows Firewall

Answer: A

 

NEW QUESTION 38
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the company's router logs and wants to check the log entries generated by access control list number 210.
What filter should Peter add to the 'show logging' command to get the required output?

  • A. show logging | forward 210
  • B. show logging | route 210
  • C. show logging | include 210
  • D. show logging | access 210

Answer: C

 

NEW QUESTION 39
Identify the class of HTTP status codes that represents server errors.

  • A. 2XX
  • B. 1XX
  • C. 4XX
  • D. 5XX

Answer: D

 

NEW QUESTION 40
......


What Does It Cover?

The EC-Council 312-39 exam is built around the topic areas listed below:

  • Incident Detection with Security Information and Event Management (SIEM);
  • Enhanced Incident Detection with Threat Intelligence;
  • Security Operations & Management;
  • Incidents, Events, and Logging;
  • Incident Response;
  • Understanding Cyber Threats, IoCs, and Attack Methodology.

 

The Best EC-COUNCIL 312-39 Study Guides and Dumps of 2021: https://www.examprepaway.com/EC-COUNCIL/braindumps.312-39.ete.file.html

Top EC-COUNCIL 312-39 Exam Audio Study Guide! Practice Questions Edition: https://drive.google.com/open?id=1CicWl79seu7CTvb8VGs6X1TzAIHidf3z