Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sixtybuddy

312-39 Certified SOC Analyst (CSA) Questions and Answers

Questions 4

What does the Security Log Event ID 4624 of Windows 10 indicate?

Options:

A.

Service added to the endpoint

B.

A share was assessed

C.

An account was successfully logged on

D.

New process executed

Buy Now
Questions 5

Which of the following tool is used to recover from web application incident?

Options:

A.

CrowdStrike FalconTM Orchestrator

B.

Symantec Secure Web Gateway

C.

Smoothwall SWG

D.

Proxy Workbench

Buy Now
Questions 6

Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.

What among the following should Wesley avoid from considering?

Options:

A.

Deserialization of trusted data must cross a trust boundary

B.

Understand the security permissions given to serialization and deserialization

C.

Allow serialization for security-sensitive classes

D.

Validate untrusted input, which is to be serialized to ensure that serialized data contain only trusted classes

Buy Now
Questions 7

Which of the following attack can be eradicated by disabling of "allow_url_fopen and allow_url_include" in the php.ini file?

Options:

A.

File Injection Attacks

B.

URL Injection Attacks

C.

LDAP Injection Attacks

D.

Command Injection Attacks

Buy Now
Questions 8

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.

Which of following Splunk query will help him to fetch related logs associated with process creation?

Options:

A.

index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..

B.

index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..

C.

index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..

D.

index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Buy Now
Questions 9

Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs.

What does these TTPs refer to?

Options:

A.

Tactics, Techniques, and Procedures

B.

Tactics, Threats, and Procedures

C.

Targets, Threats, and Process

D.

Tactics, Targets, and Process

Buy Now
Questions 10

Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.

Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

Options:

A.

SystemDrive%\inetpub\logs\LogFiles\W3SVCN

B.

SystemDrive%\LogFiles\inetpub\logs\W3SVCN

C.

%SystemDrive%\LogFiles\logs\W3SVCN

D.

SystemDrive%\ inetpub\LogFiles\logs\W3SVCN

Buy Now
Questions 11

Which of the following are the responsibilities of SIEM Agents?

1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.

2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.

3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.

4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

Options:

A.

1 and 2

B.

2 and 3

C.

1 and 4

D.

3 and 1

Buy Now
Questions 12

Which encoding replaces unusual ASCII characters with "%" followed by the character’s two-digit ASCII code expressed in hexadecimal?

Options:

A.

Unicode Encoding

B.

UTF Encoding

C.

Base64 Encoding

D.

URL Encoding

Buy Now
Questions 13

Which of the following contains the performance measures, and proper project and time management details?

Options:

A.

Incident Response Policy

B.

Incident Response Tactics

C.

Incident Response Process

D.

Incident Response Procedures

Buy Now
Questions 14

Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/ wtmp.

What Chloe is looking at?

Options:

A.

Error log

B.

System boot log

C.

General message and system-related stuff

D.

Login records

Buy Now
Questions 15

InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.

Identify the job role of John.

Options:

A.

Security Analyst – L1

B.

Chief Information Security Officer (CISO)

C.

Security Engineer

D.

Security Analyst – L2

Buy Now
Questions 16

Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.

What is the first step that the IRT will do to the incident escalated by Emmanuel?

Options:

A.

Incident Analysis and Validation

B.

Incident Recording

C.

Incident Classification

D.

Incident Prioritization

Buy Now
Questions 17

Identify the attack in which the attacker exploits a target system through publicly known but still unpatched vulnerabilities.

Options:

A.

Slow DoS Attack

B.

DHCP Starvation

C.

Zero-Day Attack

D.

DNS Poisoning Attack

Buy Now
Questions 18

Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.

Identify the stage in which he is currently in.

Options:

A.

Post-Incident Activities

B.

Incident Recording and Assignment

C.

Incident Triage

D.

Incident Disclosure

Buy Now
Questions 19

Identify the attack when an attacker by several trial and error can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown:

http://www.terabytes.com/process.php./../../../../etc/passwd

Options:

A.

Directory Traversal Attack

B.

SQL Injection Attack

C.

Denial-of-Service Attack

D.

Form Tampering Attack

Buy Now
Questions 20

Which of the following fields in Windows logs defines the type of event occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?

Options:

A.

Keywords

B.

Task Category

C.

Level

D.

Source

Buy Now
Questions 21

Which of the following attack inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?

Options:

A.

DHCP Starvation Attacks

B.

DHCP Spoofing Attack

C.

DHCP Port Stealing

D.

DHCP Cache Poisoning

Buy Now
Questions 22

Which of the following is a Threat Intelligence Platform?

Options:

A.

SolarWinds MS

B.

TC Complete

C.

Keepnote

D.

Apility.io

Buy Now
Questions 23

Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads.

What does this indicate?

Options:

A.

Concurrent VPN Connections Attempt

B.

DNS Exfiltration Attempt

C.

Covering Tracks Attempt

D.

DHCP Starvation Attempt

Buy Now
Questions 24

Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

Options:

A.

Containment –> Incident Recording –> Incident Triage –> Preparation –> Recovery –> Eradication –> Post-Incident Activities

B.

Preparation –> Incident Recording –> Incident Triage –> Containment –> Eradication –> Recovery –> Post-Incident Activities

C.

Incident Triage –> Eradication –> Containment –> Incident Recording –> Preparation –> Recovery –> Post-Incident Activities

D.

Incident Recording –> Preparation –> Containment –> Incident Triage –> Recovery –> Eradication –> Post-Incident Activities

Buy Now
Questions 25

Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below.

What does this event log indicate?

Options:

A.

Parameter Tampering Attack

B.

XSS Attack

C.

Directory Traversal Attack

D.

SQL Injection Attack

Buy Now
Questions 26

Shawn is a security manager working at Lee Inc Solution. His organization wants to develop threat intelligent strategy plan. As a part of threat intelligent strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.

Which one of the following components he should include in the above threat intelligent strategy plan to make it effective?

Options:

A.

Threat pivoting

B.

Threat trending

C.

Threat buy-in

D.

Threat boosting

Buy Now
Questions 27

An organization is implementing and deploying the SIEM with following capabilities.

What kind of SIEM deployment architecture the organization is planning to implement?

Options:

A.

Cloud, MSSP Managed

B.

Self-hosted, Jointly Managed

C.

Self-hosted, Self-Managed

D.

Self-hosted, MSSP Managed

Buy Now
Questions 28

Which of the following process refers to the discarding of the packets at the routing level without informing the source that the data did not reach its intended recipient?

Options:

A.

Load Balancing

B.

Rate Limiting

C.

Black Hole Filtering

D.

Drop Requests

Buy Now
Questions 29

What does [-n] in the following checkpoint firewall log syntax represents?

fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

Options:

A.

Speed up the process by not performing IP addresses DNS resolution in the Log files

B.

Display both the date and the time for each log record

C.

Display account log records only

D.

Display detailed log chains (all the log segments a log record consists of)

Buy Now
Questions 30

Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.

What filter should Peter add to the 'show logging' command to get the required output?

Options:

A.

show logging | access 210

B.

show logging | forward 210

C.

show logging | include 210

D.

show logging | route 210

Buy Now
Exam Code: 312-39
Exam Name: Certified SOC Analyst (CSA)
Last Update: Apr 20, 2024
Questions: 100

PDF + Testing Engine

$130

Testing Engine

$95

PDF (Q&A)

$80